
If you have downloaded the 'Find and Call' application from the iOS App Store recently, a trojan horse has probably affected you. The news comes from a Kaspersky blog post. The application was also available in the Google Play store and affected Android devices in the same way. Kaspersky claims to have alerted both Apple and Google about the issue.
After being installed on your iPhone, Find and Call would upload your contact book information to a third-party server. The server could then send messages to each and every one of your contacts telling them to download the Find and Call application, with a link to download it from the iOS App Store. Additionally, the application would pretend that you were the one sending the message by causing the caller ID on your friend’s phone to display as if you had sent the message to them.
Because the caller ID on your friend’s phone would show that you sent the message instead of an automated service, your friend would have a higher chance of downloading the application and being infected by it, since they would probably trust you if you had recommended an application to them. After installing the application, your friend’s contact list would also be uploaded to the third-party server, causing a vicious cycle of issues.
While it’s known that the contact information was used to try to get more people to download the infection, it’s not known what else the contact information uploaded to the third-party server was being used for.
As we know, iOS 6 will be adding a feature to the mobile operating system that tightens security on applications: it lets you choose whether or not an application can have access to your personal data by prompting you every time the application tries to access it. Hopefully outbreaks such as this one, involving 'Find and Call,' can be controlled by this new feature and we won’t see this same issue happen in the iOS App Store again.
Sources: Kaspersky Blog via MacWorld