July 6, 2012
Find & Call App – First Case Of Malware Reported On The iPhone
Michael Harper for redOrbit.com — Your Universe Online
It´s all fun and games until malware gets involved.
Apple´s App Store is supposed to be a safe place, a warm haven amidst the foul realities of lesser technologies. It´s a neighborhood where the houses are a little more expensive and the HOA carries a big stick. But those high, brick fences and that security guard at the entrance make us feel pretty safe. We hear about other break-ins and other foul acts of mis-doing on the evening news, shake our heads, pull our loved ones close and thank a higher power that we don´t have to live in the same kind of fear.
That is, until one day a Russian developer is able to sneak past our security guard and gain entrance to our safe, walled garden. The next morning, we discover solicitations on our car and a few broken windshields.
"The Find & Call app has been removed from the App Store due to its unauthorized use of users' Address Book data, a violation of App Store guidelines.” This was Apple´s statement to tech blog The Loop [theloopinsight.com] regarding an app which Kaspersky Lab researcher Denis Maslennikov is calling malware.
Found in both Apple´s App Store and Google´s Google Play store, Find and Call disguised itself as an alternate to the “Phone” application. After installation and going through the set-up process, which asked for an email address and cell number, the app scours the address book and begins sending out text messages chock full of spam. Though the app appeared to be fully functional, those contacts in the user´s address book would begin getting text messages from the user´s actual phone number with the message “Now I´m here and it´s easier to reach me with the help of free application“¦” and a clickable URL to the Find and Call app.
Kaspersky Labs - no stranger to calling out Apple malware - deems this app as malware as it uploads a user´s address book to a remote server which is used to send spam.
Though available throughout the world, the app´s description – as well as the app´s reviews and comments – are all in Russian, so it´s likely only those in Russia were affected by the app.
About those reviews: Mr. Maslennikov notes that nearly every commenter gave the app 1 lonely star, noting the app was sending spam SMS to their family and friends.
The implications of this malware break, no matter how brief, could be huge for Apple. It´s not at all uncommon to see malicious apps in Android´s Google Play store. Apple and their users, on the other hand, have always taken pride in the fact that their App Store was always safe and free of malware. Any iPad, iPhone, or iPod touch user could download whatever they wanted to from this walled garden with an easy mind and no fear of cyber-criminality.
Though it doesn´t appear as if this app had a very long shelf-life at the App Store, the fact it made it in there in the first place is a little upsetting.
“We´re sure that both applications must be deleted from the official markets,” writes Mr. Maslennikov. “Yes, these pieces of malware are not that ℠cybercriminalistic´. But malware is malware and in this case it steals user´s phone book and uses it for SMS spam. And we´re sure that there must be strict and quick response to such incidents. Period.”
This is the first-ever documented case of malware in the Apple App Store, though it´s not the first time an app has been found to upload a user´s address book without their prior knowledge or permission. it was discovered earlier this year that social networking app “Path” was guilty of the same behavior, though there was no threat of Spam or malicious intent in that instance. Apple has since announced they will require explicit permission at the OS level in future versions of iOS.