iPhone Trojan App Sneaks Past Apple Censors - InformationWeek


Find And Call app, discovered in both the Apple App Store and Google Play, copied phone address book to a remote server controlled by spammers.

A Trojan app designed by spammers to steal copies of iPhone and Android users' address books found its way last month onto both the official Apple App Store and Google Play app marketplace, and appeared to be active for at least a week.

The app, dubbed "Find and Call," was more akin to "leak and spam," said Denis Maslennikov, a security researcher at Kaspersky Lab, who detailed the malicious apps--pitched to Russian-language iPhone and Android users--in a blog post. Both Apple and Google Thursday removed the offending versions of the application.

"Malware in the Google Play is nothing new but it's the first case that we've seen of malware in the Apple App Store," said Maslennikov. "It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch five years ago. But the main issue here is user's privacy--again."

When it comes to accessing people's address books, there's been a gray line between malicious smartphone apps and well-known apps that grab address books in the name of "social networking functionality." Notably, security researchers earlier this year found that Hipster and Path, among other smartphone apps, uploaded users' address books to servers controlled by developers, as part of their "find friends" feature. In response, the developers promised to obtain explicit permission from users before grabbing any of their address book information.

But Maslennikov said that the Find and Call app clearly was malicious. Interestingly, reviews of the app on the Apple App Store date to at least June 23, 2012, and were far from favorable, with many users complaining--likewise on the app's Google Play download page--that rather than providing a free calling service, the app was instead sending SMS spam to their address book contacts.

The app's end user license agreement (EULA), however, makes no mention of the app potentially sending a copy of a user's address book to a remote server, or the fact that it can record a user's GPS coordinates. "If user launches this application he will be asked to register in the app using his email address and cell phone number," Maslennikov said. "If [the] user wants to 'find friends in a phone book,' his phone book data will be secretly--no EULA/terms of usage/notifications--uploaded to remote server."

The remote server then sent the spam messages--via SMS--to every contact in a user's address book, listing that user's cell phone number in the "from" field, meaning the messages actually appear to have come from the user. The body of the message, meanwhile, contained a URL link for downloading the Find and Call application.

Maslennikov said the URL was tied to a website that offers users the ability to add money via PayPal to an account on the site. "If you try to add some amount of money, you will notice that you're trying to transfer money to a company called 'LABWEALTH.COM PTE. LTD,'" he said. The Labwealth.com website is run by a Singapore-based company with this tagline: "Let's create together the world of plenty and prosperity!"

One Find and Call user detailed his related experiences on Russian news outlet AppleInsider.ru, saying that after providing his email address and cell phone number to the iPhone version of the app, it then sent spam SMS messages, hawking the app, to all of his contacts.

AppleInsider.ru then made contact with the developer of the app, who claimed that the spam messages had been sent in error. "The system is in the process of beta-testing. As a result of the failure of one of the components, there is a spontaneous sending of SMS invitation messages. This bug is being fixed. The SMS are sent by the system, which is why it won't affect your mobile account," replied the developer, in text translated from Russian.

User Rank: Apprentice
7/11/2012 | 10:55:34 AM
re: iPhone Trojan App Sneaks Past Apple Censors
I've been using the same tool to export and back up my iPhone contacts. It is amazing how little known it is. I found out about it here:

Ramon S,
User Rank: Apprentice
7/10/2012 | 12:51:22 PM
re: iPhone Trojan App Sneaks Past Apple Censors
So much for Apple's "walled garden". It is only as effective as the gate keepers and they are a single point of failure. Knowing that anything can be suspicious might be unsettling, but it is by far better than assuming everything is safe when in fact it is not.
User Rank: Apprentice
7/10/2012 | 11:26:34 AM
re: iPhone Trojan App Sneaks Past Apple Censors
"it then sent spam SMS messages, hawking the app, to all of his contacts". It is exactly the reason why I do not use Apple's iCloud service to sync my contacts and keep a safe offline backup of my iPhone contacts to my computer via CopyTrans Contacts instead.
User Rank: Strategist
7/9/2012 | 6:04:46 PM
re: iPhone Trojan App Sneaks Past Apple Censors
It sounds more like the developers were a bit incompetent and selfish rather than actually crafting an effective piece of malware. Having it text everybody in the address book as you is pretty bad, though. At work we imported our client lists into our address books in case we needed to contact any one of them in an emergency. That would suck if something started spamming them in our name!
User Rank: Apprentice
7/9/2012 | 5:15:05 PM
re: iPhone Trojan App Sneaks Past Apple Censors
A Trojan App that sneaks past security... hmmmmm. How annoying having to explain to all your contacts, why you are spamming them.

Paul Sprague
InformationWeek Contributor