Some people think that downloading apps from Google Play and the iOS App Store is completely safe. Well, think again: the iTunes App Store gets its first trojan.
Kaspersky’s latest report discusses some utterly alarming facts about an app called “Find and Call”. What may appear to be an SMS worm is actually a trojan that sends a user’s contact list to an online server without the user’s knowledge, basically stealing all of your contacts.
But wait! It gets worse…
From there, the server uses all the contacts uploaded from your device to send out numerous spam SMS messages that include a URL for downloading the app. Each message seems to have been composed solely by you, in the hope of fooling your friends and thus aiding the further spread of the app.
“If user launches this application he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server,” as stated by Denis, an expert from Kaspersky Labs.
Since Kaspersky Labs raised the security and privacy issue behind the “Find and Call” app, the app is no longer available for download from the Google Play and iOS app stores.
In the corrupted realm of technology, no one is completely safe. Even the world’s most secure mobile platform, the BlackBerry 7 OS, is still vulnerable to trojans and malware if a user of a device running it recklessly installs apps from the app world. Then again, consumers wouldn’t be able to find or download the forsaken app if the people at Research in Motion (RIM) had reviewed it properly, right?
So this brings up the question: Who is to blame for the release of the “Find and Call” app?
Kaspersky has informed the public that the Russian “Find and Call” app may not subject your Android or iOS device to bricking, nor can it steal money from unsuspecting users. However, the app’s website appears to be asking users for social networking logins and PayPal account passwords in an attempt to gain more personal info [probably] for financial motivations in the future (talk about phishing; how clever!).