It's pretty rare that a malicious app finds its way to the official iOS App Store. Yet that's exactly what appears to have happened, thanks to an app called Find and Call. The Russian language app also showed up on the Google Play.
According to an alert by Kaspersky Labs, the app was designed to copy the address book of a smartphone and then upload that information to the servers of whomever created the app. After that, the server launches a spam attack on all of the people listed in the address book,
MacRumors.com reports that the Find and Call app has been in place on the iOS app store since June 13. However, a few hours after the first alert by Kaspersky Labs, Apple managed to remove Find and Call from the App Store. The company said in a statement the app was removed "due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines." Google has also since removed the app from Google Play.
There's no word on how the app found its way onto Apple's iOS App Store in the first place, although this isn't the first time a rogue app has been discovered in the App Store: Back in January, a fake Camera+ app was found. The difference is that the Find and Call app is actively malicious and may be the first case of true malware in the iOS store.
Source: Kaspersky Labs | Image via Kaspersky Labs