7/9/2012
11:11 AM

iPhone Trojan App Sneaks Past Apple Censors

Find And Call app, discovered in both the Apple App Store and Google Play, copied phone address book to a remote server controlled by spammers.

A Trojan app designed by spammers to steal copies of iPhone and Android users' address books found its way last month onto both the official Apple App Store and Google Play app marketplace, and appeared to be active for at least a week.

The app, dubbed "Find and Call," was more akin to "leak and spam," said Denis Maslennikov, a security researcher at Kaspersky Lab, who detailed the malicious apps--pitched to Russian-language iPhone and Android users--in a blog post. Both Apple and Google Thursday removed the offending versions of the application.

"Malware in the Google Play is nothing new but it's the first case that we've seen of malware in the Apple App Store," said Maslennikov. "It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch five years ago. But the main issue here is user's privacy--again."

When it comes to accessing people's address books, there's been a gray line between malicious smartphone apps and well-known apps that grab address books in the name of "social networking functionality." Notably, security researchers earlier this year found that Hipster and Path, among other smartphone apps, uploaded users' address books to servers controlled by developers, as part of their "find friends" feature. In response, the developers promised to obtain explicit permission from users before grabbing any of their address book information.


But Maslennikov said that the Find and Call app clearly was malicious. Interestingly, reviews of the app on the Apple App Store date to at least June 23, 2012, and were far from favorable, with many users complaining--likewise on the app's Google Play download page--that rather than providing a free calling service, the app was instead sending SMS spam to their address book contacts.

The app's end user license agreement (EULA), however, makes no mention of the app potentially sending a copy of a user's address book to a remote server, or the fact that it can record a user's GPS coordinates. "If user launches this application he will be asked to register in the app using his email address and cell phone number," Maslennikov said. "If [the] user wants to 'find friends in a phone book,' his phone book data will be secretly--no EULA/terms of usage/notifications--uploaded to remote server."

The remote server then sent the spam messages--via SMS--to every contact in a user's address book, listing that user's cell phone number in the "from" field, meaning the messages actually appear to have come from the user. The body of the message, meanwhile, contained a URL link for downloading the Find and Call application.

Maslennikov said the URL was tied to a website that offers users the ability to add money via PayPal to an account on the site. "If you try to add some amount of money, you will notice that you're trying to transfer money to a company called 'LABWEALTH.COM PTE. LTD,'" he said. The Labwealth.com website is run by a Singapore-based company with this tagline: "Let's create together the world of plenty and prosperity!"

One Find and Call user detailed his related experiences on Russian news outlet AppleInsider.ru, saying that after providing his email address and cell phone number to the iPhone version of the app, it then sent spam SMS messages, hawking the app, to all of his contacts.

AppleInsider.ru then made contact with the developer of the app, who claimed that the spam messages had been sent in error. "The system is in the process of beta-testing. As a result of the failure of one of the components, there is a spontaneous sending of SMS invitation messages. This bug is being fixed. The SMS are sent by the system, which is why it won't affect your mobile account," replied the developer, in text translated from Russian.


Comments
Gyros,
User Rank: Apprentice
7/11/2012 | 10:55:34 AM
re: iPhone Trojan App Sneaks Past Apple Censors
I've been using the same tool to export and back up my iPhone contacts. It is amazing how little known it is. I found out about it here:

http://www.everythingicafe.com...
Ramon S,
User Rank: Apprentice
7/10/2012 | 12:51:22 PM
re: iPhone Trojan App Sneaks Past Apple Censors
So much for Apple's "walled garden". It is only as effective as the gate keepers and they are a single point of failure. Knowing that anything can be suspicious might be unsettling, but it is by far better than assuming everything is safe when in fact it is not.
AllanO,
User Rank: Apprentice
7/10/2012 | 11:26:34 AM
re: iPhone Trojan App Sneaks Past Apple Censors
"it then sent spam SMS messages, hawking the app, to all of his contacts". It is exactly the reason why I do not use Apple's iCloud service to sync my contacts and keep a safe offline backup of my iPhone contacts to my computer via CopyTrans Contacts instead.
Fill,
User Rank: Strategist
7/9/2012 | 6:04:46 PM
re: iPhone Trojan App Sneaks Past Apple Censors
It sounds more like the developers were a bit incompetent and selfish rather than actually crafting an effective piece of malware. Having it text everybody in the address book as you is pretty bad, though. At work we imported our client lists into our address books in case we needed to contact any one of them in an emergency. That would suck if something started spamming them in our name!
PJS880,
User Rank: Apprentice
7/9/2012 | 5:15:05 PM
re: iPhone Trojan App Sneaks Past Apple Censors
A Trojan App that sneaks past security... hmmmmm. How annoying having to explain to all your contacts, why you are spamming them.

Paul Sprague
InformationWeek Contributor