People who think that downloading apps from the Google Play and iOS App Store is completely safe. Well, think again — the iTunes App Store gets its first trojan.
According to Kaspersky’s latest report, they’ve discussed some utterly alarming facts about an app called “Find and Call”. What may appear to be an SMS worm, is actually a trojan that sends a user’s contact lists to an online server — without the user’s knowledge whatsoever, basically stealing all of your contacts.
But wait! It gets worse…
From thereon, the server will then take advantage of all the contacts uploaded from your device to send out numerous SMS spam that includes a URL on where to download the app — which by the way, contains a message that seems to have been composed solely by you. Hoping to fool your friends, thus, aiding the further spread of the app.
“If user launches this application he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If user wants to ‘find friends in a phone book’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server” as stated by Denis, an expert from Kaspersky Labs.
Since the security/privacy breaching issue behind the ‘find and call’ app has been raised by Kaspersky Labs, the app is no longer available for downloads at the Google Play and iOS app stores.
In the corrupted realm of technology, no one is completely safe. Even the world’s most secure mobile platform — the Blackberry 7 OS, is still vulnerable to trojans and malware if a user of the device running it is recklessly installing apps from the app world. Then again, consumers won’t be able to download/find the forsaken app if the people at Research in Motion (RIM) has reviewed it properly right?
So this brings up the question: Who is to blame for the release of the “Find and Call” app?
Kaspersky has acknowledged the public that the Russian “Find and Call” app may not subject your Android or iOS device to bricking nor can it steal money from unsuspecting users, although, the app’s website appears to be asking users for social networking logins and PayPal account passwords in attempt to gain more personal info [probably] for financial motivations in the future (talk about phishing; how clever!).
{sources: TechGlued, ArsTechnica, SecureList}
How come that these application had been available for iTunes and Google Play, does the iTunes and Google Play does not really filter the apps and make them available?.
How come that these application had been available for iTunes and Google Play, does the iTunes and Google Play does not really filter the apps and make them available?.
Good thing that there are lots of good apps at iTunes to get busy with that we are not affected by some unknown apps…
From Wikipedia:
A Trojan horse, or Trojan, is a standalone malicious file or program that does not attempt to inject itself into other files unlike a computer virus and often masquerades as a legitimate file or program. Trojan horses can make copies of themselves, steal information, or harm their host computer systems.[1] The first and many current Trojan horses attempt to appear as helpful programs. Others rely on drive-by downloads in order to reach target computers.
itunes suck, Google Play Store is safer.
haha.. as if it was not on Google play also.. read the whole story. not just the title..