w********1
发帖数: 3492 | 1 Thu, 05 Jul 2012 10:38:40 PDT
Earlier today, Russian security firm Kaspersky Lab reported that it had been
alerted to an app available in both Apple's App Store and the Google Play
store for Android that was quietly harvesting users' address book contacts
and sending them to the developer's servers. The developer's systems were
then sending text messages to those contacts advertising the application,
with the "From" field being spoofed with the original user's mobile phone
number.
The application, Find and Call, ended up primarily targeting Russian users
due to its use of the Russian language in the app description, but the app
was available in App Stores around the world. The report notes that while
there have been previous incidents of personal information being transmitted
inappropriately from App Store apps, this appears to be the first time that
such information has been used in a malicious manner.
Malware in the Google Play is nothing new but it’s the first case that we’
ve seen malware in the Apple App Store. It is worth mentioning that there
have not been any incidents of malware inside the iOS Apple App Store since
its launch 5 years ago. But the main issue here is user’s privacy again. It
’s not for the first time when we see incidents related to user’s personal
data and its leakage. And it’s for the first time when we have confirmed
case of malicious usage of such data.
In several updates to the original post, Kaspersky Lab notes that spam
invites are also being sent via email. One user was also able to get in
touch with the application's author, who claims that the behavior is a bug,
although the explanation certainly appears to be suspect.
It now appears that Apple has removed Find and Call from the App Store, as
links to the app in the U.S. and Russian App Stores show that it is
unavailable. The app did exist for some time, however, as it debuted in the
App Store on June 13.
Apple has been working to limit third-party apps' access to personal data,
and will be rolling out enhanced permission requirements in iOS 6 to alert
users when their data is being accessed. |
|
