This application is called ‘Find and Call’ and can be found in both Apple’s iOS App Store and Google Play for Android. It is a Trojan that uploads a user’s phone book to a remote server. The 'replication' part is done by the server: SMS spam messages containing the URL of the application are sent from the remote server to all the contacts in the user’s address book.
If a user launches this application, he will be asked to register in the app using his email address and cell phone number (neither field is checked for validity). If the user wants to ‘find friends in a phone book’, his phone book data will be secretly (no EULA, terms of usage or notifications) uploaded to a remote server.
Both apps are also able to upload the user’s GPS coordinates to the same server, but such a ‘feature’ is not that new for either malicious or legitimate apps, to be honest.
So, what happens next? The user will be able to continue using the application, but at the same time the application steals data from the device (phone book and cell phone numbers), which is uploaded to a remote server to be used for SMS spam campaigns. Each phone book entry will receive an SMS spam message inviting the recipient to click on the URL and download this ‘Find and Call’ application. It is worth mentioning that the ‘from’ field contains the user’s cell phone number. In other words, people will receive an SMS spam message from a trusted source.
Small F.A.Q.
1. Are these apps malicious? Yes.
2. Why? Both apps upload the user’s phone book to a remote server and use it for SMS spam. That’s why we detect them as Trojan.AndroidOS.Fidall.a and Trojan.IphoneOS.Fidall.a.
3. Who created them?
So be very cautious when you are downloading apps. Be sure to read the user reviews of an app before downloading it.