Warning: Fake Instagram app on Android is malware

There's a new Trojan on the block that is looking to take advantage of all the hype surrounding Facebook's acquisition of Instagram. Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users. Sophos, which first discovered the malware, calls it "Andr/Boxer-F."

Ever since Facebook announced plans to acquire Instagram for approximately $1 billion in cash and stock, there has been a lot of hype surrounding the app. I'm not just talking about rumors (like Facebook beating Twitter to Instagram or the the original price being $2 billion).

A day after the acquisition announcement, Instagram became the top free iPhone app on Apple's App Store, and Android downloads have been off the charts (way over 5 million in less than a week, though Instagram has yet to share official numbers). The Instagram hype is higher than ever, and malware writers are of course looking to cash in.

They have set up fake websites advertising fake Instagram apps, which by the way don't really do a good job of looking like the real Instagram app. The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue.

As for the picture of the man at the top of this article, I think I've held your curiosity for long enough. I'll tell you this right away: his identity is unknown. The man could be the malware author, his or her friend, his or her enemy, a celebrity, or just a random person found online.

The .apk file for this particular Android app includes his picture multiple times. Sophos speculates that it is included more than once to change the fingerprint of the file, in the hope that rudimentary anti-virus scanners won't be able to detect the difference in fingerprints.

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Instagram link: play.google.com/store/apps/details?id=com.instagram.android.

See also:

• Instagram co-founder turned down a job from Mark Zuckerberg
• 10 ways Instagram is to Facebook as YouTube was to Google
• Facebook still has the cash to buy many more Instagrams
• Instagram now top iPhone app
• Bet on Facebook’s next buy: Foursquare? Dropbox? Pinterest?
• Why Facebook acquired Instagram for $1 billion