Apple, Google take down spamming app
Apple Inc. and Google Inc. have yanked out a new app from their respective online stores, after a security vendor revealed the app was sending spam to the user's smartphone contacts.
Tech site CNET reported Friday (Manila time) the "Find and Call" app was found to take the contacts in a smartphone and send unsolicited messages to them.
"The Find & Call app has been removed from the App Store due to its unauthorized use of users' Address Book data, a violation of App Store guidelines," CNET quoted Apple spokesperson Trudy Muller as saying.
Kaspersky also said the app was removed from Google Play.
Earlier, Kaspersky said the app would offer to find friends from the user's phone book - then capture the phone book data and transmit it to a remote server.
The malware would then send spam messages to the user's contacts, making it appear they came from the user.
According to Kaspersky, the app was first thought to be an SMS worm, but its analysis of both iOS and Android versions of the app showed it to be a Trojan.
"(It) uploads a user’s phonebook to remote server. The 'replication' part is done by the server - SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book," it said.
Kaspersky's findings also showed the iOS and Android versions of the app can upload the user’s GPS coordinates to the same server.
"We’re sure that both applications must be deleted from the official markets. Yes, these pieces of malware are not that ‘cybercriminalistic’. But malware is malware and in this case it steals user’s phone book and uses it for SMS spam. And we’re sure that there must be strict and quick response to such incidents. Period," Kaspersky stressed. — TJD, GMA News
Talk of the web