from tomsguide.com: Kaspersky has discovered the first-ever malicious app on Apple's App Store.
Kaspersky Lab is calling this a first-ever for Apple: an app offered on the App Store containing malware. The security firm confirmed its existence on Thursday, reporting that the malicious app was also available to download from Google Play. The app has since been removed from both markets as of this writing.
According to Kaspersky, the application was called "Find and Call." At first glance, it seemed to be an SMS worm spread via sending short messages to all contacts stored in the phone book with the URL to itself. But after careful study, the firm discovered it to be a Trojan that uploaded a user’s phonebook to remote server.
"If user launches this application, he will be asked to register in the app using his email address and cell phone number (both fields won’t be checked for validity). If the user wants to ‘find friends in a phone book,’ his phone book data will be secretly (no EULA/ terms of usage/notifications) uploaded to remote server," the security firm reports.
Both the iOS and Android Apps were also able to upload the users' GPS coordinates to the same server, the company said. Meanwhile, device owners were capable of using the application unaware of its malicious intent while it secretly stole data from the device (phone book, cell phone numbers), and uploaded the info to a remote server.