Employees of AppleInsider.ru, specialized services of the operator "Megafon" and the laboratory of "Kaspersky" in the Apple App Store detected a malicious application. The spam application has also appeared on Google Play.
The reason that shook the specialists was the Find & Call Trojan. It was disguised as an app that could identify a phone number via email. Moreover, a tempting offer for people new to digital fraud was the ability to make "free calls to domains, email, Skype, social networks."
An unsuspecting user, in pursuit of a "freebie", installed software on his smartphone. Then the program requested access to the phone book. Then all numbers were copied to the server of the authors of the application. Further, SMS was sent to all phone numbers containing a link and offering to install the software. Moreover, the phone number of the owner of the address book was reflected in the sender field. If a person followed the link, he became part of a spam network, this led to the fact that only in the metropolitan region two and a half thousand SMS are reported. The real extent of the spam network is still impossible to assess.
At the moment, mobile operators have blocked the dangerous link. The app may still be available on Google Play and the App Store, so be careful.
Find & Call is able to steal an account on social networks, postal services and PayPal, provided that the user indicates his data on the website of the dangerous software.
The developers of the application deny their involvement in the creation of the spam network. The authors of Find & Call say that there was a technical glitch in testing the beta version of the program. And the SMS was sent not at the expense of the deceived user, but from the equipment of the software creators.
Also, Apple will have to strengthen the App Store's security mechanisms due to the recent story with a Russian hacker who was able to bypass the digital store's payment system by simulating the purchase process and its confirmation.