The Apple App Store gets its first ever rogue application, according to Kaspersky
A malicious application has been found on both Apple’s App Store and Google Play, designed to steal users’ phonebooks and spam contacts.
According to Russian security giant Kaspersky, it marks the first time malware has been spotted on Apple’s iOS store, which has been largely unaffected by security problems since its launch five years ago.
If users download the ‘Find and Call’ app, the attackers spam all contacts with text messages containing a link to the application download page, as the malware seeks to propagate, Kaspersky discovered.
Spam messages claim to come from the original victim’s device, making it seem more legitimate and therefore making it more tempting to click on the link.
The security company said it had informed Apple and Google, but had not received a response. Kaspersky was alerted to the spamming application by partner MegaFon, one of the major mobile carriers in Russia.
But users have vented their anger in the reviews sections for the app, noting how it was sending SMS spam.
As for the attackers’ end goal, they appear to be duping users of their money and their data. Users are asked to register in the app using email addresses and mobile numbers. The app’s website also asks users if they want to add social network accounts and PayPal to add money to their app account. The Trojan can also upload users’ GPS coordinates to the same server.
“Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store. It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago,” said Kaspersky Lab expert Denis Maslennikov, in a blog post.
“But the main issue here is user’s privacy again. It’s not for the first time when we see incidents related to user’s personal data and its leakage. And it’s for the first time when we have confirmed case of malicious usage of such data.
“We’re sure that both applications must be deleted from the official markets. Yes, these pieces of malware are not that ‘cybercriminalistic’. But malware is malware and in this case it steals user’s phone book and uses it for SMS spam. And we’re sure that there must be strict and quick response to such incidents. Period.”
Apple had not responded to a request for comment at the time of publication. Google said it had no comment on the specific matter, but offered the same comment as TechWeekEurope received for a story on other Android threats this week: “We are committed to providing a secure experience for consumers in Google Play, and in fact our data shows between the first and second halves of 2011, we saw a 40 percent decrease in the number of potentially-malicious downloads from Google Play. Last year we also introduced a new service into Google Play that provides automated scanning for potentially malicious software without disrupting the user experience or requiring developers to go through an application approval process.”
When TechWeekEurope checked their respective markets, Find and Call was still on the App Store and Google Play.
The promotional copy for the app claimed to offer “free calls from your mobile phone to domains, email, Skype, social networks”.
At the InfoSecurity 2012 conference earlier this year, Kaspersky’s CEO Eugene Kaspersky admitted to TechWeekEurope that if anti-virus products were allowed onto iOS, Apple would have to open the doors of its ‘walled garden’, which would in turn allow for more malicious activity its mobile devices. But not allowing anti-virus would cause more harm once hackers figured out how to get malware onto iPhones and iPads.
Apple’s confidence around the security of its laptops and desktops was hit this year, thanks to the Flashback malware, which infected over 600,000 Macs.
Android continues to be plagued by security issues, including a botnet and a rootkit discovered this week.
Keen on IT security? Try our quiz!