Apple has pulled a malicious app from its App Store after the Russian security firm Kaspersky Lab reported that it was a Trojan that uploads a user's contact info to the developer's servers.
"At first glance, this seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself," explained Kaspersky Lab‘s Denis Maslennikov. "However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.”
The application mostly attacked Russian users, but it was available worldwide via the App Store and Google Play for Android devices. Kaspersky Lab reminded everyone that "there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago."
The app called Find and Call has been removed from the App Store.