SAN FRANCISCO, July 9 (UPI) -- A Trojan app, discovered in both the Apple App Store and Google Play, copied address books to a remote server controlled by spammers, security researchers say.
The app called "Find and Call" should be considered more "leak and spam," Denis Maslennikov, a security researcher at Russian security company Kaspersky Lab, wrote in a blog post.
The malicious app, offered last month to Russian-language iPhone and Android users, has been removed from both Apple's and Google's app stores, Information Week reported Monday.
"Malware in the Google Play is nothing new but it's the first case that we've seen of malware in the Apple App Store," Maslennikov said.
"But the main issue here is user's privacy -- again."
The app sent phonebook data to a remote server that then sent spam messages to every contact in a user's address book with a link to a Web site in Singapore.
The site offers users the ability to add money via PayPal to an account on the site Labwealth.com
"If you try to add some amount of money, you will notice that you're trying to transfer money to a company called 'LABWEALTH.COM PTE. LTD,'" Maslennikov warned.