Malware steals mobile phone contacts
Kaspersky said it was alerted to the app by a major Russian mobile-phone company. On initial investigation, the Find and Call app for iPad, iPhone and Android devices appeared to be a worm that sends a link by text message, using the SMS (short message service) protocol, to every number stored on the handset.
The link takes recipients to the rogue app in the Apple App Store and Google Play. Both Apple and Google have now removed the Find and Call app.
But deeper analysis by the security company found that the malware is far more serious. The Trojan uploads the contents of the address book to a server controlled by its author, from where the link to the app is sent.
It then spreads from the server, which sends spam text messages containing the app's URL to all the contacts in the phone's address book.
Although Google has been troubled by rogue apps, it is less common for Apple to be hit by malware. However, rival antivirus firm Sophos said in a blog post that it believed the app's author meant only for it to promote itself, not cause damage.
"That's pretty ugly behaviour, as there are no previous warnings or explanations for the user," said Sophos.