our analysis of the iOS and Android versions of the same application showed that it’s not an SMS worm but a Trojan that uploads a user’s phonebook to remote server. The ‘replication’ part is done by the server – SMS spam messages with the URL to the application are being sent from the remote server to all the contacts in the user’s address book.
The first malicious application has reached the AppStore. While it is “only” a spam application, it does makes on think about the approval process and how it got through. It is a pretty good track record for Apple though, with only one (publicly known) trojan since its inception.