An Instagram trap

Android users be warned: there is a fake Instagram app on the loose looking to capitalise on the hype following the Facebook acquisition.

Tempted to try out the much talked about Instagram app? Well, be careful where you get it from - as malware authors are distributing malware disguised as the popular app.

It's a rain cloud on a summer's day for the Instagram photo-sharing smartphone app, which is otherwise having a glorious time right now.

First of all, Instagram released a first version for Android and managed to get five million downloads in less than a week.

Then the 13-employee firm managed to sell itself to Facebook for a cool $1 billion, making some of us wonder about privacy, and others think - "to heck with that, do I have a program that's never earnt any money that I might be able to flog to Mark Zuckerberg?".

Naturally, the Facebook acquisition news raised Instagram to even higher levels of public awareness and that's where the bad guys stepped in.

Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users.

Here's a Russian website which purports to offer the Instagram app:

If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone.

In our tests, the app didn't do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator. Because this is a malicious app that seems to be relying in the sending of background SMS messages to earn its creators revenue.

Sophos products detect the malware as Andr/Boxer-F.

Android malware is becoming a bigger and bigger problem, of course. Just last week we reported on a bogus edition of the Angry Birds Space game that was being used in another attack.

It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait.

Curiously, contained inside the .APK file is a random number of identical photos a man.

Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognising the malicious package.

We have no idea who the man is or whether there is a reason why his picture has been chosen to include in the download.

Could he be the malware author? A family friend? A celebrity? Someone who the malware author has a bone to pick with?

Graham Cluley is a senior technology consultant for Sophos and a writer for Sophos Security blog. You can see his profile and his other work here. 

 

 

Related Articles