Apple and Google confiscated an app from their store after it was found to be harvesting users’ phone books and sending unwanted texts.
According to Kaspersky Lab, the Find and Call app was initially considered as SMS worm but was later found to be a Trojan. Kaspersky is a Russian security firm.
By providing a phone number and email registration in this app, it gives access to phone’s contact list and sends messages to friends and family with a link to Find and Call.
The text is sent along with the user’s name, leading receivers to believe the text and the embedded link comes from a trusted source.
Kaspersky Lab also observed that both iOS and Android versions used to upload users’ GPS coordinates to the remote server. Hence, the users willfully enter their account information for social networks, email and even PayPal to deposit money to an account.
The app has been removed from the App store, as it violates the rules and regulations of the store.
“The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines,” Apple spokesperson said. However, Google is yet to comment on this issue.
In a translated email message, the app author said that it is still in beta phase and the malfunction was because of one of the component in the device. He said that the problem is in the process of fixing.
Android malware is something which happens on frequent basis, the lab said. But a company that proudly promotes itself as bug-free has been having a bad time with corrupt applications.
“It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch [five] years ago,” Kaspersky Lab said.