Apple has removed an app from its App store that could steal users' phonebooks to launch text message spam, marking the first time that malicious software has been found in the company's tightly-secured app marketplace, a researcher said Thursday.
The app, known as "Find and Call," asked users to sign in with an email address and cell phone number, then uploaded their phone's contacts to a remote server to send spam text messages, according to a blog post by Denis Maslennikov, a researcher at the Russian security firm Kaspersky Lab.
The spam messages appeared to come from a trusted source because they included the sender's phone number, Maslennikov said. They said: "Now I'm here and it's easier to reach me with the help of a free application," then contained a link to download the app.
It was unclear who wrote the app, Maslennikov said. Its website allowed users to enter their social networking and email accounts and asked them to transfer money from their PayPal accounts to a company in Singapore called "labwealth.com."
The app was also available in Google's Android Market, known as Google Play. By late Thursday, both Apple and Google had removed the app, Maslennikov said.
"The Find & Call app has been removed from the App store due to unauthorized use of users' address book data, a violation of App store guidelines," an Apple representative told The Huffington Post.
Security researchers have said Apple's App store is more secure than Google Play because Apple has a stricter policy for evaluating apps before they can be downloaded. Earlier this year, Google said it had launched a new security service to scan new apps as developers submit them to the app marketplace.
Maslennikov said there have not been any incidents of malware inside Apple's App store since it launched five years ago.
"Malware in Google Play is nothing new but it's the first case [of] malware in the Apple App store," Maslennikov wrote.
Spam text messages are mostly a minor annoyance, but they are becoming more widespread. American consumers received about 4.5 billion spam texts last year, more than double the amount received in 2009, according to Ferris Research, a market research firm.
"Find and Call" was the latest cyber-security issue to affect Apple. In April, a widespread computer virus known as "Flashback" or "Flashfake" spread quickly around the world, downloading itself onto an estimated 600,000 Macs and allowing hackers to gain remote access to victims' computers.