The malware, first reported by security firm Kaspersky Lab, uploads an end user's contact list to a remote server and uses that information to spam those contacts with text messages and emails, spoofing them to appear to come from the original user's accounts.
The app has since been removed from both the iOS App Store and Google Play. Google Play was actually the first marketplace to remove the malware. Later, Apple sent the following statement to the media: “The Find & Call app has been removed from the App Store due to its unauthorized use of users’ Address Book data, a violation of App Store guidelines.”
Indeed, that was an unusually mild way of putting it.
discovered a way to slip unsigned code into an app that was approved for entry into the App Store.
While his app was a benign demonstration app, it still showed that nothing, not even the App Store curation process, is proof against all malware.
The "Find and Call" app, however, is believed to be the first live spamware to make it into the App Store.