Analysis

iPhoneOS/FindCall.A!tr.spy is the iPhone version of Android/FindCall.A!tr.spy. It consists of a system to find the emails, addresses or phone numbers of your contacts or of people you may be interested in.
You can add contacts to the 'application' by searching your email, Facebook or Skype accounts. But if you do:
- all those contacts are spammed and receive an SMS telling them they should install the application.
- your email/Facebook/Skype account password is sent in plaintext (thus insecurely)
- your location is sent in plaintext
- all your searches within the application are sent in plaintext
Figure 1. The Find And Call application is installed on the device
Figure 2. Splash screen of the malware
- Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
- Quarantine/delete files that are detected and replace infected files with clean backup copies.