The App Store does not seem to be having the best of days. First, it’s got corrupted app updates, and now it’s got a Trojan Horse virus, according to Kaspersky. Luckily, the application that is in question has already been pulled, it’s name being Find and Call (App Store screenshot above). Kaspersky’s SecureList site described it below:
Yesterday we were contacted by our partner MegaFon, one of the major mobile carriers in Russia. They notified us about a suspicious application, which was found in both the Apple App Store and Google Play. At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself.
However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.
It’s currently unknown if this is related to the previously mentioned issue with App Store updates, but it isn’t likely. It’s suggested that any users who have downloaded the application to delete it immediately from their devices and delete it from their iTunes.
Apple has yet to comment.
What do you think? Interested in how this got past Apple? Did you download this? Noticed anything strange if you have, or did you get it off in time? Let us know in the comments.