“Find and Call,” the first malicious app to make it into the iOS App Store, was removed today after reports surfaced of it stealing address books and spamming contacts.
The app was first noticed by security researchers at Kaspersky Lab, according to Wired. It paraded as a utility app and a way to organize your contacts, when it was actually stealing the phone’s address book and targeting friends and family with spam messages and e-mails.
The utility category in the Android Google Play store, where the app was also listed, is known to have issues with malicious app entries. Security analysts often caution people to know what they’re downloading when purchasing a utility app.
The spam was effectively a marketing ploy. Once it gained access to the address book, it sent messages to contacts posing as the user, prompting them to download the app. The developers did include a request for access to the address book, however, saying the user could find more friends using the address book feature.
According to Forbes, the issue only affected Russian iOS users, and the developer is claiming it was the result of a bug. Apple confirmed to Wired that the app was removed from the App Store due to this specific problem.
The issue appeared right around the same time Apple started distributing corrupt app updates to users of Instapaper, Angry Birds Space, and over 100 other apps. The two are undoubtedly unconnected, however.