Distributed under the name Find and Call, this program first requests the user to register by providing their email address. It then searches for emails, addresses, and phone numbers from the user's contact list. This information is then synched with a remote server. Once synched, the server will send an SMS message containing a link to download the application to the contacts, which is essentially a spam. The SMS messages reportedly contain the user's phone number in the 'From' field.
Fidall.A's icon and request for the user to provide an email address
Another issue concerning Fidall.A is that the data transmitted between the device and the remote server is in plain text, which easily exposes the content if intercepted by another party.
The application is also fully capable of synching with the contacts from the user's email, Facebook, and Skype accounts. The application's website also reportedly allows user to enter their social network and online payment merchant details.
At the time of writing, both the Apple App Store and Google Play have removed the application. This incident marks the first time the Apple App Store has had to remove a trojan from its market.