Apple and Google have pulled the Find and Call app from their app stores after it was revealed to be "harvesting" users' contacts and sending unsolicited texts.
According to Kaspersky Lab, the dubious app was first thought to be an SMS worm, but was later confirmed to be a Trojan. The software security firm says it had informed Google and Apple about the presence of malware in their app stores, which subsequently led to the removal of the app.
Apple has confirmed withdrawing the Find and Call application from its store. "The Find & Call app has been removed from the App Store due to its unauthorized use of users' Address Book data, a violation of App Store guidelines," CNET quotes Apple spokesperson Trudy Muller as saying.
Kaspersky reveals that the app required users to register their e-mail address and phone number. The app then offered to find users' friends from their contact list. The app captured the phone book data and transmitted it to a remote service, Kaspersky added.
Find and Call in the Apple Store
The malware then spammed users' contacts with unsolicited texts, which appeared to come from the original user. "The 'from' field contains the user's cellphone number," the Kaspersky report says. "In other words, people will receive an SMS spam message from a trusted source."
Find and Call in the Google Play
Both versions of the app also transmitted users' GPS coordinates to a remote server. The app had an optional feature, allowing users to upload account information for social networks, personal email and even online transaction accounts such as PayPal.
Developers of the app, however, claim the app is in a beta phase and blame "failure of one of the components" for the spam.
Kaspersky's report points out that malware is nothing new for Google's app store, but that this was a first for Apple's iOS. "It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago," Kaspersky Lab stresses.
Source: CNET