wraggster
July 6th, 2012, 20:52
For the first time ever, malware has successfully made its way into an available app on the iOS App Store.
Wired has reported (http://www.wired.co.uk/news/archive/2012-07/06/first-apple-store-malware%20) that a Russian-language app called Find and Call contained a Trojan virus that uploaded users’ address books to a remote server. The virus also spammed all phone and email contacts with links to the app and logged the handset’s GPS coordinates.
Wired reported: "It should be noted that the app does, in a way, seek permission to access the user's address book by asking if the user wants to 'find friends in a phone book.' But when the user agrees, the app surreptitiously swipes the contact data and then uses it to send out spam to the user's contacts while making it appear that the spam is coming from the user so that it looks to the recipient like it's coming from someone he or she knows. The spam message includes a link for the recipient to download the Find and Call app.
The rogue app's theft of contact information appears to have been limited to Russian iOS users, but the issue raises serious questions about the safety of the App Store and its claims of invulnerability.
It has now been removed from the App Store.
The app was also released on the Google Play Store (no stranger to dodgy downloads), but has since been removed.
http://www.mobile-ent.biz/news/read/ios-app-store-stung-by-malware-for-first-time-in-history/018539
Wired has reported (http://www.wired.co.uk/news/archive/2012-07/06/first-apple-store-malware%20) that a Russian-language app called Find and Call contained a Trojan virus that uploaded users’ address books to a remote server. The virus also spammed all phone and email contacts with links to the app and logged the handset’s GPS coordinates.
Wired reported: "It should be noted that the app does, in a way, seek permission to access the user's address book by asking if the user wants to 'find friends in a phone book.' But when the user agrees, the app surreptitiously swipes the contact data and then uses it to send out spam to the user's contacts while making it appear that the spam is coming from the user so that it looks to the recipient like it's coming from someone he or she knows. The spam message includes a link for the recipient to download the Find and Call app.
The rogue app's theft of contact information appears to have been limited to Russian iOS users, but the issue raises serious questions about the safety of the App Store and its claims of invulnerability.
It has now been removed from the App Store.
The app was also released on the Google Play Store (no stranger to dodgy downloads), but has since been removed.
http://www.mobile-ent.biz/news/read/ios-app-store-stung-by-malware-for-first-time-in-history/018539