Rogue Trojan Hits iOS App Store, Is Quickly Removed



In what appears to be a strange slip on Apple’s part, Securelist is reporting that a Trojan Horse made its way into the iOS App Store this morning. The app, known as “Find and Call”, was available on both the iOS App Store and Google Play, and received a flood of bad reviews before being pulled from both stores.

Find and Call is little more than an app designed intentionally to scam its users and their friends. In a sense, the app did live up to its name, if you interpret ‘Find’ as uploading your contacts to its servers, and ‘Call’ as alerting everyone in your contacts via text to download the app.

The crafty part is that after uploading your contacts, the app would make the outgoing SMS messages it sent appear to come from your own phone number, making your friends more likely to click the download link.

The app has since been pulled from both the Google Play store and the iOS App Store, so no new devices should be infected at this point.

You may remember that the mildly popular social networking application Path was uploading contacts in a similar way earlier this year, although not for nefarious purposes.

It’s still unclear how an app like this made it into the App Store, since most apps that violate Apple’s policies never make it past the review process.

Source: Securelist Via: Macgasm


  • davidgoscinny

    Makes you wonder how thorough their approval process is. :-/

  • Kenton Presbrey

    I’ve often wondered how thorough the approval process could possibly be with the amount of applications that are submitted per day (according to Google it’s around 630). They must have some sort of software that processes submitted Apps, as it would be nearly impossible for a group of people to manually review nearly 4,500 Apps thoroughly every week.

    I hate to be an apologist here, but Apple has no model to refer to when it comes to running an App Store. No other company has had to review this amount of software to ensure that it’s not malicious in any way. I personally find it rather impressive that there haven’t been issues prior to this. Hopefully this is a one-time-thing.

  • RedRapper

    I wonder what negative impact this will have on other legitimate apps that have similar names and functions. Hopefully apps like ReadAndCall and others which are good don’t receive unwarranted negative reactions. Many developers work hard to produce good Apps and one bad “apple” can ruin countless hours of good work.