This isn’t supposed to happen in the App Store ecosystem.
Early Thursday morning, Kaspersky posted a blog entry that details a new malicious app that has made it’s way to both the Apple App Store and Google Play Store. The app’s name is Find and Call, and it’s the first time we’ve ever seen a malicious app make it into Apple’s App Store.
Once installed, the app asks you to register your phone number and email address. Find and Call will also ask if you want to “find friends in a phone book” before discretely uploading your entire contact list to a remote server. The app will continue to upload your contacts, and will SMS messages to those people that contain a link to download the app themselves. These SMS messages show up as if they were sent from your number, so the recipients are much more likely to click on the link. (via Report: Trojan Horse found in the iOS App Store | Macworld)