Apple and Google have promptly removed the Find and Call trojan app that appeared on their respective online stores.
The app, which is the first trojan to hit Apple's App Store, masquerades as a tool for simplifying contact lists but instead spams everyone on the list with requests to download the app.
Kaspersky Lab was alerted about the Trojan's activities by its partner MegaFon, one of the major mobile carriers in Russia, and at first glance it appeared to be a worm spreading via SMS.
However, its analysis of the iOS and Android versions of the app showed that it's not an SMS worm but a trojan that uploads a user's phonebook to a remote server.
According to Kaspersky, the spam messages with the link to the application are being sent from the remote server to all the contacts in the user's address book.
"Malware in the Google Play is nothing new but it's the first case that we've seen malware in the Apple App Store," said Denis Maslennikov, Kaspersky lab expert, on his blog post.
"It is worth mentioning that there have not been any incidents of malware inside the iOS Apple App Store since its launch 5 years ago."