In what appears to be a strange slip on Apple’s part, Securelist is reporting that a Trojan Horse made its way into the iOS App Store this morning. The app, known as “Find and Call”, was available on both the iOS App Store and Google Play, and received a flood of bad reviews before being pulled from both stores.
Find and Call is little more than an app intentionally designed to scam its users and their friends. In a sense, the app did live up to its name, if you interpret ‘Find’ as uploading your contacts to its servers, and ‘Call’ as texting everyone in your contacts to tell them to download the app.
The crafty part is that after uploading your contacts, the app masked the outgoing SMS messages with your own phone number, so the texts appeared to come from you and your friends were more likely to click the download link.
The app has since been pulled from both the Google Play store and the iOS App Store, so no new devices should be infected at this point.
You may remember that the mildly popular social networking application Path was uploading contacts in a similar way earlier this year, although not for nefarious purposes.
It’s still unclear how an app like this made it into the App Store, since most apps that violate Apple’s policies never make it past the review process.