
Malware Arrives, Nuked on App Store For First Time

Kaspersky Lab is calling this a first for Apple: an app offered on the App Store that contains malware. The security firm confirmed its existence on Thursday, reporting that the malicious app was also available to download from Google Play. As of this writing, the app has been removed from both markets.

According to Kaspersky, the application was called "Find and Call." At first glance, it seemed to be an SMS worm that spread by sending short messages containing its own URL to all contacts stored in the phone book. But after careful study, the firm discovered it to be a Trojan that uploaded a user’s phone book to a remote server.

"If user launches this application, he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If the user wants to ‘find friends in a phone book,’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server," the security firm reports.

Both the iOS and Android apps were also able to upload the users' GPS coordinates to the same server, the company said. Meanwhile, device owners could use the application unaware of its malicious intent while it secretly stole data from the device (phone book, cell phone numbers) and uploaded the info to a remote server.

In turn, this collected data was used in an SMS spam campaign that sent a message to every contact entry. These messages contained a link to the application listed on Apple's App Store and Google Play. The message even contained the user's phone number in the "from" field, making it seem that the SMS message was legitimate.

"The website of this app allows you (after logging in to your account) to 'enter' your social network accounts, mail accounts (it seems that these details will also be used) and even PayPal (!) to add money to your account," Kaspersky reports. "If you try to add some amount of money, you will notice that you're trying to transfer money to a company called 'LABWEALTH.COM PTE. LTD.' If you check their website, 'labwealth.com', you’ll find a company based in Singapore named 'Wealth Creation Laboratory'. Yeah, right!"

The company motto? "Let's create together the world of plenty and prosperity!"

"Malware in the Google Play is nothing new but it's the first case that we've seen malware in the Apple App Store," the firm adds. "It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago. But the main issue here is user's privacy again. It's not for the first time when we see incidents related to user's personal data and its leakage. And it's for the first time when we have confirmed case of malicious usage of such data."

The author responsible for the apps reportedly called the problem a bug. "System is in process of beta-testing. In result of failure of one of the components, there is a spontaneous sending of inviting SMS messages. This bug is in process of fixing. SMS are sent by the system, that is why it won't affect your mobile account," the developer said.