Apple’s model for its App Store is that it checks every app that gets submitted. Once in a while, an app that Apple does not like (such as a tethering app, a video download app, or an emulator app) gets through Apple’s submission process, but not a malicious app.
Recently, a malicious Russian scam app surfaced in the iOS App Store. Titled “Find and Call”, the app can make the iPhone a zombie. It was first discovered in Kaspersky’s lab, where researchers found that the app was more than just scamware: it was also a Trojan. The Trojan takes all of the user’s contacts and sends them to a remote server, which then creates loads of spam texts to any numbers in the user’s contacts.
It’s not for the first time when we see incidents related to user’s personal data and its leakage, [though] it’s for the first time when we have a confirmed case of malicious usage of such data…Yes, these pieces of malware are not that ‘cybercriminalistic’. But malware is malware and in this case it steals user’s phone book and uses it for SMS spam.
Although we have seen malware apps on the Google Play Store before, this is one of the rare times that an iOS app that would have been rejected by Apple was instead approved and made it onto the iOS App Store. And it is not just an app that Apple would reject; it is a malicious app.
As of right now, the apps have been removed from Apple’s iOS App Store and Google’s Play Store, and based on the complaints, most of the affected users appear to be Russian. Google and Apple removed the app from their stores after Kaspersky sent them a memo about the issue.
Let this be a warning to you users: even when someone or some company controls which apps get approved, there will be times when a malicious app gets through the submission process and causes havoc on your devices.