A malicious app that slurps mobile users’ phonebooks and uploads them to a remote server has been spotted being offered both on Google Play and Apple’s App Store.
Kaspersky Lab researchers first though they were dealing with an SMS worm, but after having analyzed the “Find and Call” app, they discovered it was actually a Trojan.
They don’t mention what the app is marketed as, but judging by its name users would not find it suspicious that the app asks for permission to access their contacts.
Once the phonebook is exfiltrated to the server, SMS spam messages containing a link to a page where the free app can be downloaded are sent to all the contacts, inviting them to use it to reach the sender.
“It is worth mentioning that the “from’ field contains the user’s cell phone number. In other words, people will receive an SMS spam message from a trusted source,” say the researchers.
“Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store,” they pointed out.
It is also interesting to note that the website of this app allows users to supposedly access their social network accounts, mail accounts and even their PayPal account and use it:
Unfortunately, by adding money to the PayPal account in this way they are actually transferring to a Singapore-based company.
I don’t know what this app poses as, but this should be warning enough that something is seriously amiss.
Both Google and Apple have been notified of the matter and have by now removed the offending app from their markets.