Kaspersky has found the first ever malware app on the Apple App Store, and Apple swiftly removed it from the store.
Information about the malware app, called Find and Call, was revealed by Denis Maslennikov, one of Kaspersky’s senior malware analysts, in a post on the security company’s Securelist blog.
The app covertly copies information off the device it is installed on and sends spam messages to the numbers in that device’s address book.
According to Maslennikov, Russian mobile carrier MegaFon alerted Kaspersky to Find and Call. At first, Kaspersky’s experts thought the app was an SMS worm.
However, when they looked more closely at the app, they found that it is “a Trojan that uploads a user’s phonebook to remote server.” Kaspersky consequently detects it as “Trojan.AndroidOS.Fidall.a” and “Trojan.IphoneOS.Fidall.a”.
But not to worry: Find and Call has been removed from both the Apple App Store and the Google Play store, where it was available.
As to how the app worked, Maslennikov wrote:
“If user launches this application he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server in the following format: http://abonent.findandcall.com/system/profile/phoneBook?sid=
So, what happens next? User will be able to continue using the application but at the same time the application steals data from the device (phone book and cell phone numbers) which are uploaded to a remote server to be used for SMS spam campaigns. Each phone book entry will receive SMS spam message offering to click on the URL and download this ‘Find and Call’ application. It is worth mentioning that the ‘from’ field contains the user’s cell phone number. In other words, people will receive an SMS spam message from a trusted source.”
The app also has a provision for adding a PayPal account, which is worrying given that the app was engineered for malicious purposes. You wouldn’t want your account – an account with money, no less – to be accessible to whoever created this malware app.
This feature, however, led Kaspersky to find that PayPal payments for adding money to Find and Call accounts went to “LABWEALTH.COM PTE. LTD.” in Singapore.
Maslennikov explains that this is not the first app in the Apple App Store to raise privacy concerns. Some apps available in the App Store have come under fire in the past for uploading address books to servers, sometimes in plain text. It is also certainly not the first malware app on the Google Play Store. However, the analyst said that “it’s for the first time when we have confirmed case of malicious usage of such data,” which makes the Find and Call app the first malware instance on the Apple App Store.