Warning: Fake Instagram app on Android is malware

Warning: Fake Instagram app on Android is malware

Summary: Malware writers have created a fake Instagram app for Android that is really a Trojan in disguise. The idea is to make money by leveraging all the hype surrounding Facebook's acquisition of Instagram.


There's a new Trojan on the block that is looking to take advantage of all the hype surrounding Facebook's acquisition of Instagram. Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users. Sophos, which first discovered the malware, calls it "Andr/Boxer-F."

Ever since Facebook announced plans to acquire Instagram for approximately $1 billion in cash and stock, there has been a lot of hype surrounding the app. I'm not just talking about rumors (like Facebook beating Twitter to Instagram or the the original price being $2 billion).

A day after the acquisition announcement, Instagram became the top free iPhone app on Apple's App Store, and Android downloads have been off the charts (way over 5 million in less than a week, though Instagram has yet to share official numbers). The Instagram hype is higher than ever, and malware writers are of course looking to cash in.

They have set up fake websites advertising fake Instagram apps, which by the way don't really do a good job of looking like the real Instagram app. The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue.

As for the picture of the man at the top of this article, I think I've held your curiosity for long enough. I'll tell you this right away: his identity is unknown. The man could be the malware author, his or her friend, his or her enemy, a celebrity, or just a random person found online.

The .apk file for this particular Android app includes his picture multiple times. Sophos speculates that it is included more than once to change the fingerprint of the file, in the hope that rudimentary anti-virus scanners won't be able to detect the difference in fingerprints.

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Instagram link: play.google.com/store/apps/details?id=com.instagram.android.

See also:

Topics: Security, Android, Apps, Google, Malware, Social Enterprise

Emil Protalinski

About Emil Protalinski

Emil is a freelance journalist writing for CNET and ZDNet. Over the years,
he has covered the tech industry for multiple publications, including Ars
Technica, Neowin, and TechSpot.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • I don't care much for Instagram

    I don't have that much use for it.

    The needs of the few outweigh the need of the many when it comes to applications.
    Grayson Peddie
  • Hi Dear

    Hi Dear
    my name is Janifer williems, am 23 years old girl,
    How are you today? i hope all is well with you, because it is my great pleasure to contact you today to have communication with you from today, please i will like to have the desire with me so we can get to know each other better and see what will happens in the future.
    I will be very happy if you can write me through my email so that i can send you my pictures(janiferwilliems95@yahoo.com ) to facilitate communication so that we know,i will send you my pictures and details about me, hope to hear from you. waiting for your response and I wish you all the best.Yours new friend Janifer