Research reveals suspicious application in Apple App Store
Consumerisation worries public sector IT managers
A suspicious application has been named as the first malware in the in the Apple App Store.
According to research by Denis Maslennikov, senior malware researcher at Kaspersky Lab, the application ‘Find and Call' appeared to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself at first glance.
“However, our analysis of the iOS and Android versions of the same application showed that it's not an SMS worm but a Trojan that uploads a user's phonebook to remote server. The 'replication' part is done by the server - SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user's address book,” he said.
Maslennikov said that if a user launches this application they will be asked to register the app with their email address and mobile phone number, and to ‘find friends in a phone book' their contacts data and GPS coordinates will be secretly (no EULA/ terms of usage/notifications) uploaded to a remote server.
He said that while the user continues to use the application it steals data from the device which are uploaded to a remote server to be used for SMS spam campaigns.
“Each phone book entry will receive SMS spam message offering to click on the URL and download this ‘Find and Call' application. It is worth mentioning that the ‘from' field contains the user's mobile phone number. In other words, people will receive an SMS spam message from a trusted source,” he said.
He said that the website for this app allows the user (after logging into your account) to ‘enter' your social network accounts, mail accounts (it seems that these details will also be used) and even PayPal to add money to your account.
Later, the writer of the App responded to the Russian blog AppleInsider.ru with a statement that said: “System is in process of beta-testing. In result of failure of one of the components there is a spontaneous sending of inviting SMS messages. This bug is in process of fixing. SMS are sent by the system, that is why it won't affect your mobile account.”
The apps were later removed from the Apple Store and Google Play.
James Lyne, director of technology strategy at Sophos, told SC Magazine that this was not the most insidious payload but there was a number of smartphone invulnerabilities that the ‘walled garden' was not delivering.
Lyne said “There are other apps with superior techniques, some by accident and some intentional, but this does show that things are possible and we should not rest on our laurels about smartphone security. However the application checking process needs to be more transparent."