New Trojan Spreading On App Store and Google Play

A new Trojan that uploads users’ phonebooks to a remote server is making the rounds, circulating on both Apple’s App Store and the Google Play marketplaces, according to research by Kaspersky Lab posted on the Securelist web site earlier today.

A new Trojan that uploads users’ phonebooks to a remote server is making the rounds, circulating on both Apple’s App Store and the Google Play marketplaces, according to research by Kaspersky Lab posted on the Securelist web site earlier today.

Kaspersky virus researchers, responding to a request from the Russian mobile carrier MegaFon, found the new mobile application, “Find and Call,” contains a “find your friends” feature that silently uploads a user’s phonebook information to servers controlled by the Find and Call authors. Users are not shown an end-user license agreement (EULA) or terms of service indicating that they will be disclosing their phonebook information.

In the blog entry, Denis Maslennikov, a  Senior Malware Analyst with Kaspersky Lab’s Global Research and Analysis Team, claims the application also reports users’ GPS coordinates. 

MegaFon initially tipped researchers off about the suspicious application, which they believed to be an SMS worm, which spread using short message service (SMS) messages sent from phone to phone.

Find and Call isn’t an SMS worm, but is similar to one. It sends SMS spam messages to numbers in the phonebook. Each message appears to come from their friend and encourages victims to click and follow a link to install the Find and Call application.

Google and Apple have apparently been informed of the suspicious application. However, both the iPhone and Android versions of the application could still be found in their respective markets early Thursday.

Google has tried to stamp out malware with its recently released Google Play marketplace. In February, the Mountainview, California company announced plans to deploy a new malware scanner: Bouncer to police its online marketplaces. Several months later, in June, research by John Oberheide and Charlie Miller showed bypassing the scanner wasn’t difficult.

Apple, in an attempt to better secure their mobile application store began to require that all Mac applications be sandboxed and started to phase out iOS apps that required access to iPhones’ unique device identifier numbers (UDID) earlier this year.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.