Malware on a smartphone isn’t new, but it’s generally been more common on Google’s app store than on Apple’s. This doesn’t mean that iOS devices are immune, however, as evidenced by a Trojan app called “Find and Call” found on both Google Play and the App Store.
The “Find and Call” app, which seems to have been posing as a contact management app, asked users who installed it if they’d like to find friends. If permission was granted, the app would upload the phone’s contacts to a remote server and begin sending SMS spam to those contacts. As with email, spam sent from a source that appears to be trusted is more effective than spam sent at random.
There’s more to the problem, though. Users who visited the “Find and Call” app’s website could stumble across a social networking page that allowed users to input details for Facebook and even PayPal. This is nothing more than a phishing attack – albeit a creative one.
The “Find and Call” app has been yanked from Google Play and the iOS App Store since Kaspersky made the announcement, and virus definitions for Kaspersky (and other anti-malware apps, no doubt) have been updated. If you happen to have this “Find and Call” app, delete it immediately. You should also change the passwords on all of your important accounts and install an anti-malware app.
To protect yourself, don’t assume that an app is legitimate simply because it’s on an official app store. Be sure to check user reviews and the developer’s website to confirm validity. For example, both of these checks would have helped safeguard you against “Find and Call”, as numerous users left it poor reviews and the app’s website included an obvious phishing scam.