Analysis by: Yinfeng Qiu

 PLATFORM:

iOS

 OVERALL RISK RATING:
 DAMAGE POTENTIAL:
 DISTRIBUTION POTENTIAL:
 REPORTED INFECTION:

  • Threat Type: Others

  • Destructiveness: No

  • Encrypted:

  • In the wild: Yes

  OVERVIEW

Infection Channel: Via app stores

This malware disguises itself as an app named Find and Call.

To get a one-glance comprehensive view of the behavior of this threat, refer to the Threat Diagram shown below.

It is a malicious app that uploads a user's phone book to a remote server. The server then sends spammed SMS and email messages to the user's contact list.

It has a sibling build on Android as well.

This malware may be manually installed by a user.

It sends the information it gathers to remote sites.

  TECHNICAL DETAILS

File Size: 2,940,485 bytes
File Type: Mach-O
Memory Resident: Yes
Payload: Steals information

Arrival Details

This malware may be manually installed by a user.

Information Theft

This malware sends the information it gathers to remote sites.

NOTES:

It has a sibling build on Android as well.

It could be downloaded via the App Store. As of this writing, Apple has already removed the said app.

Below is the screenshot of this app on App Store:

Upon execution, it reads all of the user's address book information and sends it to a remote server.

The contacts found in the affected user's phone book then receive spammed SMS and email messages. These spammed SMS and email messages contain a link leading to a copy of the said app.

Based on the analysis, it is the server, not the app, that sends the spammed SMS and email messages. The app is only used to leak address book information without the user's knowledge.

  SOLUTION

Minimum Scan Engine: 9.200
TMMS Pattern File: 1.277.00
TMMS Pattern Date: 17 Jul 2012

Scan your computer with your Trend Micro product to delete files detected as IOS_INFOLKCONTACTS.A. If the detected files have already been cleaned, deleted, or quarantined by your Trend Micro product, no further step is required. You may opt to simply delete the quarantined files. Please check this Knowledge Base page for more information.

NOTES:

To remove the malicious app from your iOS device:

1. Press and hold down the app icon until the Delete sign appears in the icon's upper-left corner.

2. Press the Delete sign to remove the app from the device.
