Security experts at Kaspersky anti-virus labs have uncovered the first known case of malware being distributed through Apple’s App Store. The iOS app called “Find and Call” was found to house a trojan that would copy a user’s address book and GPS co-ordinates and upload them to a remote server.
This then leads to a series of spam email messages sent to every person on the contact list, suggesting that they too download the Find and Call app and offering a link to the dodgy app.
Find and Call complies with Apple’s guidelines on how apps ask for permission before accessing address book data, but the way the app mines the data, then uses it to impersonate the user in an attempt to lure in unwitting contacts, is a dirty, non-compliant tactic.
“The Find and Call app has been removed from the App Store due to its unauthorised use of users’ address book data, a violation of App Store guidelines,” an Apple spokesperson confirmed.
The app also appears to have been removed from the Google Play marketplace.
Apple have recently been struck by a number of malware attacks, particularly on their OS X desktop platform, which became the focus of the Flashback attacks. This has led Apple to drop “virus immunity” claims for Macs, so that the marketing message now says merely that the Mac is “built to be safe”. I wonder if this finding will force Apple to have to do the same with the iPhone?