Apps on Apple's iTunes store are vetted at length to make sure they are safe for users and comply with rules set by Apple. In a rare instance, something malicious seems to have gotten through this process and onto users' phones.
A malicious app called "Find and Call" was briefly available on both Apple's iTunes and Google's Play app stores, the Moscow-based antivirus vendor
Though the "Find and Call" app itself seems to just send text-message spam, its website requests details for users' accounts with PayPal, social networks and email providers.
"Malware in the Google Play is nothing new but it’s the first case that we’ve seen malware in the Apple App Store," Kaspersky Lab's Denis Maslennikov wrote in the blog post. "It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago."
(Ars Technica notes in a separate report that there was
The Find and Call app has been removed from Apple's and Google's app stores, Kaspersky said in an update to its blog post.
When used, the app uploads all of a user's contacts to a remote server and sends text-message spam to that user's contacts. The text messages appear to come from the user that downloaded the app, and they encourage recipients to also download the app, Kaspersky says.
The app's developer told the Russain blog AppleInsider.ru that the text-message spam was a "bug" that it is fixing, according to Kaspersky Lab's translation.
Apple did not respond by deadline to phone messages requesting comment. An Apple representative
