Kaspersky expert detects App Store and Google Play malware
Russian app spams contact list
Denis Maslennikov claims a Russian language utility app named Find and Call is in fact a trojan designed to upload a user's co-ordinates and contact list to a remote server.
The server then sends spam text messages to said contacts, each one suggesting they download Find and Call.
Call in question
The idea is, those who receive the text message in question believe the recommendation is genuine, given it comes from a trusted source rather than spam.
Find and Call is by no means the first piece of alleged malware to grace smartphone marketplaces, however, and has already been removed from both the App Store and Google Play following the furore.
The app's developer, however, has claimed in an emailed statement to Russian website Apple Insider that the text messages are the result of a 'bug' that's currently being fixed rather than an intended directive to utilise contact lists in such a way.
The first and only?
Other applications have previously made use of contact details without the express permission of users in a similar manner, including the iOS Path app.
Numerous clone apps masquerading as popular games have also frequently scam hundreds of customers out of their cash.
A fake Pokemon Yellow app, for instance, recently reached #12 on the US App Store's overall top grossing chart. When users attempted to open the 99c application, it would simply crash.