Mobile Virus

iPhoneOS/FindCall.A!tr.spy

Analysis

iPhoneOS/FindCall.A!tr.spy is the iPhone version of Android/FindCall.A!tr.spy. It consists of a system for finding the emails, addresses or phone numbers of your contacts or of people you may be interested in.
You can add contacts to the 'application' by searching from your email, Facebook or Skype accounts. But if you do:

  • all those contacts are spammed and receive an SMS telling them they should install the application
  • your email/Facebook/Skype account password is sent in plaintext (and is thus insecure)
  • your location is sent in plaintext
  • all your searches within the application are sent in plaintext

Figure 1. The Find And Call application is installed on the device

Figure 2. Splash screen of the malware

Recommended Action

    FortiGate Systems
  • Check the main screen using the web interface for your FortiGate unit to ensure that the latest AV/NIDS database has been downloaded and installed on your system - if required, enable the "Allow Push Update" option.
    FortiClient Systems
  • Quarantine/delete files that are detected and replace infected files with clean backup copies.