- Joined
- 6 May 2012
- Messages
- 5,042
- Solutions
- 6
- Reaction score
- 8,865
Yesterday Kaspersky posted that they were contacted by their partner MegaFon, one of the major mobile carriers in Russia. They notified Kaspersky about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.
However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The 'replication' part is done by the server - SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.
The application is called ‘Find and Call’ and can be found in both the iOS Apple App Store and Android’s Google Play. We’ve already informed both Apple and Google but we haven’t received an answer yet.
.
.
After the installation the following icon appears in the menu of Android/iOS homescreen.
If user launches this application he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server.
Full Report on Kaspersky Blog
However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The 'replication' part is done by the server - SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.
The application is called ‘Find and Call’ and can be found in both the iOS Apple App Store and Android’s Google Play. We’ve already informed both Apple and Google but we haven’t received an answer yet.
.
.
After the installation the following icon appears in the menu of Android/iOS homescreen.
If user launches this application he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server.
Full Report on Kaspersky Blog
