Apple App Store gets first malware app

Apple's app screening fails as malware app gets onto App Store
  • Chris Martin (Unknown Publication)
  • — 09 July, 2012 17:55

A malicious app has found its way onto the Apple iOS App Store for iPhone and iPad.

The app, named 'Find and Call' managed to get on the store despite Apple's strict screening process. Kaspersky Lab discovered the Trojan which is widely considered to be the first malware found in the App Store.

The security firm explained that the app was thought to be an SMS worm sending text messages to contacts with a url to the app itself. However, it later found that the Trojan uploads the user's phonebook to a remote server to be used for spam text messages.

Apple said: "The Find and Call app has been removed from the App Store due to its unauthorised use of users' Address Book data, a violation of App Store guidelines."

Find and Call also made an appearance on the Google Play Store but has since been removed by the firm.

Security firm Sophos doesn't agree with Kaspersky that the app is actually malware. In its blog it points to the fact that the app has the same name across both stores, it has functionality and the Find and Call website is also not malicious.

"It would probably be more accurate to say that the "Find and Call" app is "spammy" - as it leaks data all over the place in plain text via http (which means, of course, that the data could be intercepted and sniffed by someone wanting to snoop on you)." said Sophos.

Follow Chris Martin and @PCAdvisor on Twitter.

Comments are now closed.
CSO Corporate Partners
  • Webroot
  • Trend Micro
  • NetIQ
rhs_login_lockGet exclusive access to CSO, invitation only events, reports & analysis.
CSO Directory

Trend Micro Mobile Security

Comprehensive enterprise protection for mobile devices

more »

Submit your own security event

Submit your training courses

Security Awareness Tip

Incident handling is a vast topic, but here are a few tips for you to consider in your incident response. I hope you never have to use them, but the odds are at some point you will and I hope being ready saves you pain (or your job!).


  1. Have an incident response plan.

  2. Pre-define your incident response team 

  3. Define your approach: watch and learn or contain and recover.

  4. Pre-distribute call cards.

  5. Forensic and incident response data capture.

  6. Get your users on-side.

  7. Know how to report crimes and engage law enforcement. 

  8. Practice makes perfect.

For the full breakdown on this article

Security ABC Guides

Warning: Tips for secure mobile holiday shopping

I’m dating myself, but I remember when holiday shopping involved pouring through ads in the Sunday paper, placing actual phone calls from tethered land lines to research product stock and availability, and actually driving places to pick things up. Now, holiday shoppers can do all of that from a smartphone or tablet in a few seconds, but there are some security pitfalls to be aware of.

Read More
more »