Fake Instagram App Laced with Malware Appears on Android

Source: Sophos

Sophos has discovered a fake Instagram app loaded with the Andr/Boxer-F trojan.

Sophos reports that cybercrooks are taking advantage of Instagram's launch on Android -- and its recent purchase by Facebook -- by releasing fake Instagram apps packed with malware.

Are we surprised? Of course not. Hackers tend to gravitate to popular subjects like the death of a movie star or the release of a popular game. In this instance, they've created a fake Instagram app for Android packed full of malicious goodness because it's an extremely hot topic, and likely to generate some cash from untrained consumers looking to get in on the action.

According to the security firm, the fake app is loaded with Andr/Boxer-F. "In our tests, the app didn't do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator," Sophos reports. "[That's] because this is a malicious app that seems to be relying on the sending of background SMS messages to earn its creators revenue."

In addition to the payload, the company also discovered something else that was a little peculiar. "Curiously, contained inside the .APK file is a random number of identical photos of a man," the company says. "Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognizing the malicious package."
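As an added illustration (not Sophos's code and not part of the original article), the sketch below shows why padding an archive with a varying number of identical files changes a whole-file hash but not a fingerprint built from the archive's entries. The sample "APKs" are constructed in memory, and all function and file names are hypothetical.

```python
import hashlib
import io
import zipfile
from collections import Counter


def build_sample_apk(photo_copies: int) -> bytes:
    """Constructed stand-in for an APK: fixed code entries plus N identical photos."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"constructed-dex-bytes")
        zf.writestr("AndroidManifest.xml", b"constructed-manifest-bytes")
        for i in range(photo_copies):
            zf.writestr(f"res/raw/photo_{i}.jpg", b"\xff\xd8constructed-photo\xff\xd9")
    return buf.getvalue()


def file_hash(apk: bytes) -> str:
    """Whole-file SHA-256: what a rudimentary hash-based scanner would match on."""
    return hashlib.sha256(apk).hexdigest()


def entry_digests(apk: bytes) -> Counter:
    """Count how often each distinct entry content (by SHA-256) occurs in the archive."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        names = [n for n in zf.namelist() if not n.endswith("/")]
        return Counter(hashlib.sha256(zf.read(n)).hexdigest() for n in names)


def content_fingerprint(apk: bytes) -> str:
    """Hash of the sorted set of unique entry digests; ignores names and copy counts."""
    unique = sorted(entry_digests(apk))
    return hashlib.sha256("\n".join(unique).encode()).hexdigest()


def duplicate_padding(apk: bytes, min_copies: int = 2) -> dict:
    """Entry digests that occur at least min_copies times, a hint of padding."""
    return {d: c for d, c in entry_digests(apk).items() if c >= min_copies}


if __name__ == "__main__":
    a, b = build_sample_apk(3), build_sample_apk(7)
    print("whole-file hashes equal:  ", file_hash(a) == file_hash(b))
    print("content fingerprints equal:", content_fingerprint(a) == content_fingerprint(b))
    print("duplicate counts:", list(duplicate_padding(a).values()),
          list(duplicate_padding(b).values()))
```
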

Eventually a Sophos reader found the unnamed man in a Moscow wedding picture; the version in the app shows only the man, cropped out with the background erased. "It seems the man pictured has become something of an internet phenomenon after his photo was shared widely on Russian internet forums," Sophos adds. "But the reality is that it's just a snapshot at a Moscow wedding."

Unfortunately, Sophos didn't really explain how the fake Instagram app makes money from consumers. However, this particular piece of malware works by sending SMS messages to a premium number, so the end user is charged a huge sum of money, which the hackers ultimately pocket.

Just last week security firms discovered a fake version of Angry Birds Space floating around in alternative Android markets. This one carried its payload, Andr/KongFu-L, at the tail end of a JPEG image file. Once activated, it opened the door for additional malware to be downloaded to the local device, making it part of an Android botnet and thus under the control of malicious hackers.

"Android malware is becoming a bigger and bigger problem, of course," Sophos reports. "It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait."

Naturally the best way to avoid this kind of malware is to download apps from Google Play, Amazon's Appstore and perhaps even GetJar. Grabbing apps from other sources is somewhat risky business, especially if you see more than one copy listed together.

6 Comments
  • 0 Hide
    Darkk , April 20, 2012 2:30 AM
    The pop up with a list of permissions prior to installing the apps is there for a reason. Can't really blame anybody else but those who don't take the time to read or understand them.

  • 0 Hide
    maddad , April 20, 2012 2:59 AM
    If you don't install a program because it needs complete access to your phone, then you might as well avoid 95% of all Android apps or games. (And I do for that reason by the way). I find it absolutely amazing all the permissions Android programs require. I bought my Android phone based on all the great things people were saying about Android vs iOS. I can't use hardly anything in the Android Market other than music or books because of all the permissions.
  • 1 Hide
    gsxr1181 , April 20, 2012 3:12 AM
    Google better fix the issues with the Play Store. Every time I update my apps, at least one of them starts spamming my notification bar. Then I have to use AirPush to find it and then remove the app. It's getting real aggravating. They're going to have to start doing some sort of QC before apps are launched.
  • 1 Hide
    ap3x , April 20, 2012 12:54 PM
    How do people complain about Apple's walled garden approach while dealing with issues like this? I don't understand it. Nothing wrong with having an approval process for applications to make sure this kind of craziness does not happen. I don't even bother unlocking my phone for this very reason.
  • 0 Hide
    stingray71 , April 20, 2012 3:25 PM
    ap3x: How do people complain about Apple's walled garden approach while dealing with issues like this? I don't understand it. Nothing wrong with having an approval process for applications to make sure this kind of craziness does not happen. I don't even bother unlocking my phone for this very reason.

    Cause most of these idiots are getting it from alternative sites other than Google Play. Some malicious apps have made it on Google Play, most are dealt with quickly. Few bad apps have gotten on Apple's App Store as well, so no one is immune.

    I only get my apps from amazon or google play and have experienced zero issues.
  • 0 Hide
    house70 , April 30, 2012 1:05 AM
    maddad: If you don't install a program because it needs complete access to your phone, then you might as well avoid 95% of all Android apps or games. (And I do for that reason by the way). I find it absolutely amazing all the permissions Android programs require. I bought my Android phone based on all the great things people were saying about Android vs iOS. I can't use hardly anything in the Android Market other than music or books because of all the permissions.

    Sounds weird, but most of these permissions are legit. Example: why does an app need permissions to read your phone state? Because otherwise, it would not know when to drop in the background when your phone rings. You would miss a call because of that. The same goes for iOS, don't believe for a second that just because iOS doesn't always tell you what app needs what permission, apps don't actually get those permissions behind your back.
    Bottom line is: as long as you get your apps from a legitimate source (and the beauty of Android is that there is more than one legitimate source out there) your risk is close to zero. The only few instances that bad apps make their way to one of these legit stores they're quickly dealt with.
    If you leave the "install apps from unknown sources" unticked, you pretty much restrict yourself to only one legit source: Google Play. That way you can be sure there is no malicious app on there. I have used Amazon's AppStore and G-Play with no issues whatsoever for a long time.