Yesterday Kaspersky Lab found a trojan app on both Google Play and the Apple App Store. It is called "Find and Call" (Figure 1). After installation, if your phone has a SIM card, the app asks you to enter a phone number to register; if there is no SIM card but Wi-Fi is available, it asks you to enter an e-mail address to register (Figure 2). In fact, this information is not verified by the server; the app simply collects the contact info from your phone book and sends it back to the CnC server. The server then sends out spam SMS messages that masquerade as coming from a trusted source. Figure 3 is a screenshot of the app running.

AegisLab Antivirus Scanner can detect this malicious app (Figure 4). iOS users should remove this app ASAP! (Perhaps your sensitive info has leaked already...)

Figure 1: App installation completed



Figure 2: Input e-mail address to register


Figure 3: "Find and Call" is running


Figure 4: Detected by AegisLab Antivirus Scanner


By AegisLab