The recent $1 billion acquisition of Instagram by Facebook and the release of an Android app have created immense hype around the Instagram photo sharing startup, and cyber scammers are reportedly looking to cash in on the app's popularity.
Security researchers from Sophos and TrendMicro have recently discovered malicious versions of the popular app. Sophos identified the malware as Andr/Boxer-F, while TrendMicro identified it as ANDROIDOS_SMSBOXER.A.
Web security firm Sophos has uncovered several fake Instagram versions across the Web, designed to "earn money from unsuspecting users," wrote Sophos analyst Graham Cluley in a company blog post.
Sophos Points to Russian Web Site
According to Cluley, a Russian Web site claimed to offer the Instagram app for Android, but "if you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone."
The analyst further detailed that Sophos tested the fake app and found it was sending expensive background SMS messages to earn revenue for the scammers. The fake apps seem to form quite a trend. Not long ago, Sophos identified fake Angry Birds Space apps, which carried a Trojan. "It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait," Cluley added.
Who's That Guy?
Curiously, the fake Instagram app includes the photo of an unidentified man in the .APK file. The photo is included multiple times within the file. "Maybe the reason why this picture is included multiple times is to change the fingerprint of the .APK file in the hope that rudimentary antivirus scanners might be fooled into not recognizing the malicious package," writes Sophos. "We have no idea who the man is or whether there is a reason why his picture has been chosen to include in the download."
In an update, Sophos then informs us that the man in the picture has been identified by Naked Security readers. Apparently, the man has become an Internet joke after his photo was widely shared online. The photo pictures him at a Moscow wedding, dressed a bit too casually for the occasion. The man became a Russian meme, randomly photoshopped in various images.
Android Users, Beware
Android allows users to download and install apps from anywhere, but analysts recommend only official sources to reduce the risk of compromising your smartphone with malicious apps. The official version of the Instagram app for Android is available in the Google Play store.
(reported by Alexandra Burlacu, edited by Surojit Chatterjee)
© Copyright 2024 Mobile & Apps, All rights reserved. Do not reproduce without permission.