On Thursday, Kaspersky Lab Expert researcher Denis Maslennikov wrote about a rogue app in the iOS App Store and Google Play store that secretly uploads your contact list to a remote server and then uses that information to send out spam text messages.
Called “Find and Call”, the app is actually a Trojan that lets users “find friends in a phone book.” The app then steals your contact list and uses the phone numbers to send out spam messages on your behalf. The app has a companion website that lets you add your social networks and email accounts to the service. You can even use PayPal to transfer money to your Find and Call account.
It is the first case of malware the company has detected in the iOS App Store says Kaspersky in a blog post. You can read more about the threat and its possible Russian origins on Kaspersky’s website. The Loop has a follow-up report that confirms the rogue app has been removed from the iOS App Store by Apple because of “its unauthorized use of users’ Address Book data.”