Thursday, July 5, 2012

'Find And Call' Trojan horse
Found At iOS App Store
(and removed)

--
The Walled Garden Has Been Breached. 


This was very bad. Thankfully it was over in a hurry.


Find and Call: Leak and Spam



Quoting Denis at Kaspersky:
"...a Trojan that uploads a user’s phonebook to remote server. The 'replication' part is done by the server - SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.
The application is called ‘Find and Call’ and can be found in both the iOS Apple App Store and Android’s Google Play. We’ve already informed both Apple and Google but we haven’t received an answer yet."
I checked it out via iTunes at the Apple iOS app store. 'Find And Call' had been there as it comes up in the hot help as you type in the name. Thankfully, Apple has pulled the app out of the store.


I hereby declare this iOS malware to be INERT. However:


1) The app is active In-The-Wild on victims' iOS devices.


2) Technically, people could grab it out of their iOS backup or off their iOS device and plant it onto a jailbroken iOS device, which is highly unlikely.


3) The malware writers could fool Apple again and get it back on the iOS app store, which is highly unlikely.


Meanwhile, the Android version of this malware is more likely to remain hanging around at the various Android app stores unless Google, and everyone else running a store, use live running anti-malware to detect it and kill it off their stores.


IMHO: It is of grave concern that Apple did not catch the behavior of this malware before approving it for the iOS App Store. It's another kick in Apple's nuts, hopefully further awakening their security vigilance.


BTW: This is not the first time 'malware' has appeared in the Apple iOS app store. Apple security expert and hacker Dr. Charlie Miller managed to slip one by Apple last year. This IS, however, the first time that deliberately malicious software has been slipped by Apple.


Kill the deceitful messenger, love the results...
---
