A malicious Russian SMS app known as “Find and Call” has recently been pulled from both the App Store and Google Play. According to Kaspersky, once a user launches this application, he or she will be asked to register with an email address and phone number. This scam application packs a Trojan that hijacks its user’s phonebook and sends the contact list and GPS coordinates to a remote server, which proceeds to text spam their contacts.
While Android is no stranger to malware, this application marks the first known incident where a malicious application has found its way to Apple’s iTunes App Store. The application doesn’t just spam your contacts; it also allows users to link their social network, email and PayPal accounts to its services. Kaspersky notes that when a user attempts to add money to his or her PayPal account through the application, it will instead try to send money to a company called “LABWEALTH.COM PTE. LTD.” If you visit the URL “labwealth.com,” it leads to a suspicious company based in Singapore named “Wealth Creation Laboratory.”
It’s comforting to see that the application has been deleted from Google Play and the App Store. However, the real issue here is that it made that far in the first place. This goes to show that mobile security can’t be taken for granted and that it is always a good idea to exercise caution when adding new software to your smartphone or tablet.