Warning: Fake Instagram app on Android is malware

Summary:Malware writers have created a fake Instagram app for Android that is really a Trojan in disguise. The idea is to make money by leveraging all the hype surrounding Facebook's acquisition of Instagram.

There's a new Trojan on the block that is looking to take advantage of all the hype surrounding Facebook's acquisition of Instagram. Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users. Sophos, which first discovered the malware, calls it "Andr/Boxer-F."

Ever since Facebook announced plans to acquire Instagram for approximately $1 billion in cash and stock, there has been a lot of hype surrounding the app. I'm not just talking about rumors (like Facebook beating Twitter to Instagram or the the original price being $2 billion).

A day after the acquisition announcement, Instagram became the top free iPhone app on Apple's App Store, and Android downloads have been off the charts (way over 5 million in less than a week, though Instagram has yet to share official numbers). The Instagram hype is higher than ever, and malware writers are of course looking to cash in.

They have set up fake websites advertising fake Instagram apps, which by the way don't really do a good job of looking like the real Instagram app. The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue.

As for the picture of the man at the top of this article, I think I've held your curiosity for long enough. I'll tell you this right away: his identity is unknown. The man could be the malware author, his or her friend, his or her enemy, a celebrity, or just a random person found online.

The .apk file for this particular Android app includes his picture multiple times. Sophos speculates that it is included more than once to change the fingerprint of the file, in the hope that rudimentary anti-virus scanners won't be able to detect the difference in fingerprints.

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Instagram link: play.google.com/store/apps/details?id=com.instagram.android.

See also:

Topics: Security, Android, Apps, Google, Malware, Social Enterprise

About

Emil is a freelance journalist writing for CNET and ZDNet. Over the years, he has covered the tech industry for multiple publications, including Ars Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Related Stories

The best of ZDNet, delivered

You have been successfully signed up. To sign up for more newsletters or to manage your account, visit the Newsletter Subscription Center.
Subscription failed.