SecurityWeek

Sneaky iOS (Malware?) Surfaces in App Store, Says Kaspersky

Apple’s closed model, while criticized by many, has kept iPhone and iPad users relatively safe from malware and other potentially malicious apps, especially when compared to Android users.

While some iOS apps have been called into question before over privacy concerns and aggressive advertising tactics, Kaspersky Lab researchers are saying they have discovered an iOS app that they are outright calling malware.

The app in question is “Find and Call,” which Kaspersky is classifying as malware because it grabs a user’s phonebook details (without first notifying the user) and sends spam SMS messages to all contacts, appearing to be initiated from the user. (A version of the app is also available for Android, but for this story we’ll focus on the iOS version.)

Kaspersky said it was tipped off when Russian mobile carrier MegaFon reached out about the suspicious app. After taking a first look into the app, Kaspersky’s mobile security guru Denis Maslennikov said they believed it to be an SMS worm being spread by sending messages to contacts stored in the address book.

“However, our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server,” Maslennikov wrote in a blog post. “The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.”

At first, one may think that while the features may raise privacy concerns, they may not necessarily be malicious, as many legitimate apps, for one reason or another, access and sometimes capture information from address books.

But this app is certainly malicious, Maslennikov says. Why? “Both apps upload user’s phone book to remote server and use it for SMS spam,” he said. 

Following his blog post, Maslennikov noted that AppleInsider.ru was able to connect with the app’s author, who sprang to its defense, saying in an English translation, “[The] system is in process of beta-testing. In result of failure of one of the components there is a spontaneous sending of inviting SMS messages. This bug is in process of fixing. SMS are sent by the system, that is why it won’t affect your mobile account.”

The company appearing to be behind the app describes itself as follows: “Our company develops and introduces new innovational products in the sphere of the Internet and telephony. The project, on the web-site of which you are right now, has been started in 2006, and only in summer 2011 we have decided that it is good enough to bring it to beta-testing and to open it for first users.”

While the Find and Call app should certainly raise red flags, it’s unclear to what extent the authors plan to use the harvested data, and whether it would be used beyond the blatant spam attempts to promote its own products. In fact, many online web services and apps often trick users into blindly promoting products, often via a Twitter connection or auto-emailing to address books.

Earlier this year, Symantec issued a warning on a set of Android apps that it said were a bot-like threat, but in reality were just using a third party ad service (Apperhand) that essentially made the apps adware, but not necessarily malware.

Will Find and Call really be marked as the first true malware to work its way into Apple’s official App Store? That’s a tough call. If the company adds a simple disclosure or approval step before sending out SMS promotions, would it still be classified as malware?

“Yes, these pieces of malware are not that ‘cybercriminalistic’,” Maslennikov opined. “But malware is malware and in this case it steals user’s phone book and uses it for SMS spam. And we’re sure that there must be strict and quick response to such incidents.”

Kaspersky Lab detects them as Trojan.AndroidOS.Fidall.a and Trojan.IphoneOS.Fidall.a.

At the time of publishing, FindAndCall is still available via Apple’s AppStore.

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.
