The first known instance of malware in an app in Apple’s App Store has been discovered by researchers at security firm Kaspersky, reports Wired. The malware was found in a Russian language app called Find and Call that claims to be a utility to simplify contact lists and is available in the Apple App Store and Google Play.

The app is a Trojan programme that uploads users’ contacts to a remote server which then spams those email addresses and phone numbers with messages that appear to come from the user themselves, telling them to download the app. GPS coordinates are also uploaded. The app does ask permission to access the user’s address book but does not say the data will be copied to another location.

Apple spokesperson Trudy Muller told Wired that Find and Call has now been removed from the App Store “due to its unauthorised use of users' address book data, a violation of App Store guidelines." The app also appears to have been removed from Google Play.

The developer behind Find and Call told AppleInsider.ru that the spam issue was due to a bug with the technology during beta testing which is being fixed.

Malicious apps have previously been seen on Android Market and now Google Play – which now has improved security – but this is the first time Apple’s App Store review process has been breached by such an app.