There's a new Trojan on the block that is looking to take advantage of all the hype surrounding Facebook's acquisition of Instagram. Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users. Sophos, which first discovered the malware, calls it "Andr/Boxer-F."
A day after the acquisition announcement, Instagram became the top free iPhone app on Apple's App Store, and Android downloads have been off the charts (way over 5 million in less than a week, though Instagram has yet to share official numbers). The Instagram hype is higher than ever, and malware writers are of course looking to cash in.
They have set up fake websites advertising fake Instagram apps, which by the way don't really do a good job of looking like the real Instagram app. The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue.
As for the picture of the man at the top of this article, I think I've held your curiosity for long enough. I'll tell you this right away: his identity is unknown. The man could be the malware author, his or her friend, his or her enemy, a celebrity, or just a random person found online.
The .apk file for this particular Android app includes his picture multiple times. Sophos speculates that it is included more than once to change the fingerprint of the file, in the hope that rudimentary anti-virus scanners that rely on file fingerprints won't recognize the altered file.
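To show why a whole-file fingerprint is fragile against this kind of padding, the following added example (not code from Sophos or from the original article) compares a whole-file hash with a fingerprint built from the distinct contents of the archive, and lists entries that are byte-identical copies. The sample archive, its entry names and its contents are constructed for illustration; an APK is a ZIP archive, so Python's zipfile module can read it.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

FIXED_TIME = (2012, 4, 1, 0, 0, 0)  # fixed timestamp so the sample is reproducible

def build_sample_apk(photo_copies):
    """Build a constructed stand-in for an APK with N copies of one image."""
    entries = [("AndroidManifest.xml", b"<manifest package='example.constructed'/>"),
               ("classes.dex", b"dex\n035\x00 constructed placeholder code")]
    for i in range(photo_copies):
        entries.append((f"res/drawable/photo_{i}.jpg", b"\xff\xd8\xff constructed image"))
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, data in entries:
            z.writestr(zipfile.ZipInfo(name, date_time=FIXED_TIME), data)
    return buf.getvalue()

def whole_file_fingerprint(apk_bytes):
    """What a rudimentary scanner matches on: one hash over the whole file."""
    return hashlib.sha256(apk_bytes).hexdigest()

def entry_digests(apk_bytes):
    """Map each content digest to the entry names that carry that content."""
    groups = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as z:
        for info in z.infolist():
            if not info.is_dir():
                groups[hashlib.sha256(z.read(info)).hexdigest()].append(info.filename)
    return groups

def content_fingerprint(apk_bytes):
    """Hash over the sorted set of distinct entry digests.
    Entry names, order and repeated copies do not affect the result."""
    distinct = sorted(entry_digests(apk_bytes))
    return hashlib.sha256("\n".join(distinct).encode()).hexdigest()

def duplicated_entries(apk_bytes):
    """Groups of entries with byte-identical content (a padding indicator)."""
    groups = entry_digests(apk_bytes).values()
    return sorted(sorted(names) for names in groups if len(names) > 1)

if __name__ == "__main__":
    for copies in (1, 3):
        apk = build_sample_apk(copies)
        print(copies, whole_file_fingerprint(apk)[:16],
              content_fingerprint(apk)[:16], duplicated_entries(apk))
```

The content fingerprint only neutralizes byte-identical copies; a resource that is altered by even one byte produces a new digest, so this check complements rather than replaces behavioral or code-level detection.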