Google, Apple remove malware application from official app stores

'Find and Call' app steals people's phone books and spams their contacts, Kaspersky security researchers said

Google and Apple removed a mobile app named "Find and Call" from their respective app stores on Thursday following reports that it was stealing people's phone book data and using the information to spam their contacts.

The app had been available on Google Play since at least May 21 and on Apple's App Store since at least June 13. Those dates are when the app's Android and iOS versions were last updated, Denis Maslennikov, a senior malware analyst at security firm Kaspersky Lab, said Friday.

Security researchers from Kaspersky analyzed "Find and Call" and flagged it as malware after being notified about its suspicious behavior by MegaFon, one of the largest mobile carriers in Russia.

According to its developer's website, the app allegedly allows users to find and call other people without knowing their phone numbers, if those people associated their domain names, social networking handles, instant messaging IDs, or other similar contact information with a phone number in the "Find and Call" system.

Even though the "Find and Call" website has an English version, the Kaspersky researchers have only seen Russian-language versions of the app so far, Maslennikov said.

After installation, if users click on an option to find their friends, the app silently uploads their phone book data to the developer's server without asking for confirmation.

Other apps have been caught uploading user address books to remote servers without proper notification in the past. However, in this particular case, there is clear evidence that the data is being misused, Maslennikov said.

Once a user's phone book data is copied, their contacts will receive an SMS message advertising the "Find and Call" app. These messages are sent by the app's developer, but they are modified to appear as if they come from the user's phone number.

In addition, if a contact's email address is included in a stolen address book, that contact might also receive a spam email.

While malicious applications have been uploaded to Google Play before, this is probably the first time that malware has been found in Apple's App Store, Maslennikov said. Apple will probably be stricter from now on when reviewing applications that try to upload user phone books to remote servers, he said.

Google and Apple did not immediately return a request for comment. However, the malicious app was removed from their respective app stores.

"With Apple's ecosystem being so locked down, we have to rely on them to protect us and to ensure our data is secure and not exploited by developers," Armando Orozco, a senior mobile malware analyst at antivirus vendor Webroot, said via email. "Thus far they have done a good job; but there are additional steps they can take, like requiring developers to be more transparent when accessing users personal data."

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Lucian Constantin

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place