Sophos has discovered a fake Instagram app loaded with the Andr/Boxer-F trojan.
Sophos reports that cybercrooks are taking advantage of Instagram's launch on Android -- and its recent purchase by Facebook -- by releasing fake Instagram apps packed with malware.
Are we surprised? Of course not. Malware authors gravitate to whatever is in the headlines, whether the death of a movie star or the release of a popular game. In this instance they've built a fake Instagram app for Android and packed it with malicious code, because Instagram is an extremely hot topic and a convincing lure for unwary users eager to get in on the action, and every install they trick out of those users translates into cash.
According to the security firm, the fake app is loaded with Andr/Boxer-F. "In our tests, the app didn't do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator," Sophos reports. "[That's] because this is a malicious app that seems to be relying on the sending of background SMS messages to earn its creators revenue." That detail is telling: premium-rate short codes are specific to a country and carrier, so a trojan of this kind has to identify the victim's mobile operator before it can pick a number that will actually bill the victim and pay out to its operators.
In addition to the payload, the company also discovered something else that was a little peculiar. "Curiously, contained inside the .APK file is a random number of identical photos of a man," the company says. "Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognizing the malicious package."
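The padding trick Sophos describes is worth seeing in practice. The following is an added example, not code from Sophos or from this article: it builds two APK-shaped ZIP files that share the same (fake, constructed) classes.dex but carry different numbers of an identical image, then shows that the whole-file hash a rudimentary scanner relies on changes while the hash of the code inside does not. It also flags the pattern itself: several differently named entries with byte-identical content. The file names, the DEX stub and the photo bytes are all made up for the demonstration.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

# Constructed stand-ins for APK contents. Neither is real Instagram or Boxer
# data; they exist only to exercise the logic below.
FAKE_DEX = b"dex\n035\x00" + b"\x00" * 64            # DEX magic plus filler
FAKE_PHOTO = b"\xff\xd8\xff\xe0" + b"JFIF-photo-bytes" * 8 + b"\xff\xd9"


def build_fake_apk(photo_copies: int) -> bytes:
    """Build an APK-shaped ZIP: a manifest, classes.dex, and N identical
    photos stored under different names, mimicking the padding Sophos saw."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("AndroidManifest.xml", b"<manifest/>")
        zf.writestr("classes.dex", FAKE_DEX)
        for i in range(photo_copies):
            zf.writestr(f"assets/img{i}.jpg", FAKE_PHOTO)   # hypothetical names
    return buf.getvalue()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def entry_hashes(apk_bytes: bytes) -> dict:
    """Map each ZIP entry name to the SHA-256 of its uncompressed content."""
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as zf:
        return {info.filename: sha256(zf.read(info)) for info in zf.infolist()}


def duplicate_content_groups(apk_bytes: bytes, min_copies: int = 2) -> list:
    """Return groups of entry names whose contents are byte-identical.
    Several identical assets under different names is the padding pattern."""
    by_hash = defaultdict(list)
    for name, digest in entry_hashes(apk_bytes).items():
        by_hash[digest].append(name)
    return sorted(names for names in by_hash.values() if len(names) >= min_copies)


def dex_hash(apk_bytes: bytes) -> str:
    """Hash of classes.dex alone; stable across padded variants of one build."""
    return entry_hashes(apk_bytes)["classes.dex"]


if __name__ == "__main__":
    a, b = build_fake_apk(3), build_fake_apk(7)
    print("whole-file hashes equal:", sha256(a) == sha256(b))
    print("classes.dex hashes equal:", dex_hash(a) == dex_hash(b))
    print("duplicate groups in a:", duplicate_content_groups(a))
```

A scanner that keys on the hash of the whole package is defeated by adding one more copy of the photo; a scanner that hashes classes.dex (or the signing certificate) is not, and the duplicate-content check gives a cheap heuristic that the package has been padded.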
A Sophos reader eventually traced the photo to a Moscow wedding picture; the version inside the app shows only the man, cropped out with the background erased. "It seems the man pictured has become something of an internet phenomenon after his photo was shared widely on Russian internet forums," Sophos adds. "But the reality is that it's just a snapshot at a Moscow wedding."
Sophos didn't spell out the money-making side beyond that remark about background SMS, but the model is well understood. The trojan silently texts premium-rate numbers, the charges land on the victim's phone bill, and the criminals collect their share from the premium service behind the number. Each message costs only a few dollars, but a trojan that keeps sending in the background can run up a large bill before the victim notices.
Just last week, security firms found a fake version of Angry Birds Space circulating in alternative Android markets. That one hid its payload, Andr/KongFu-L, after the end of a JPEG image file. Once run, it fetched additional malware onto the device and enrolled it in an Android botnet under the attackers' control.
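Hiding a payload after the end of a JPEG works because image viewers stop at the end-of-image marker and ignore whatever follows. The following is an added example, not Sophos's or the Angry Birds analysts' code: it walks a JPEG's segment structure to find where the image really ends and reports any trailing bytes, naming the payload when a known magic number (DEX, ZIP/APK, ELF) starts it. The sample "image" and the trailer are constructed skeletons for the demonstration, not real Angry Birds or KongFu data; the trailer deliberately contains a stray FF D9 to show why searching for the last FF D9 in the file gives the wrong answer.

```python
# Magic numbers to look for in bytes appended after the image.
KNOWN_MAGIC = {
    b"dex\n": "dex (Dalvik executable)",
    b"PK\x03\x04": "zip/apk/jar",
    b"\x7fELF": "elf",
}


def skip_scan(data: bytes, pos: int) -> int:
    """Advance past entropy-coded scan data. Inside a scan, 0xFF is followed
    by 0x00 (byte stuffing) or an RSTn marker (D0-D7); any other marker byte
    ends the scan, and its offset is returned."""
    while pos + 1 < len(data):
        nxt = data[pos + 1]
        if data[pos] == 0xFF and nxt != 0x00 and not (0xD0 <= nxt <= 0xD7):
            return pos
        pos += 1
    raise ValueError("scan data runs off the end of the file")


def jpeg_image_end(data: bytes) -> int:
    """Return the offset just past the EOI marker (FF D9) that ends the image,
    found by walking marker segments (handles multiple scans, e.g. progressive
    JPEGs) rather than searching for FF D9, since appended data may contain it."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("missing SOI marker")
    pos = 2
    while pos + 2 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xD9:                          # EOI: the image ends here
            return pos + 2
        if marker == 0xFF:                          # fill byte before a marker
            pos += 1
            continue
        if marker == 0x01 or 0xD0 <= marker <= 0xD8:  # standalone markers
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header")
        length = int.from_bytes(data[pos + 2:pos + 4], "big")
        if length < 2:
            raise ValueError("bad segment length")
        pos += 2 + length
        if marker == 0xDA:                          # SOS: scan data follows
            pos = skip_scan(data, pos)
    raise ValueError("no EOI marker found")


def naive_image_end(data: bytes) -> int:
    """The tempting shortcut: last FF D9 in the file. Wrong if the trailer
    happens to contain that byte pair."""
    return data.rfind(b"\xff\xd9") + 2


def find_trailing_payload(data: bytes):
    """Return (offset, description) of data appended after the image, or None."""
    end = jpeg_image_end(data)
    trailer = data[end:]
    if not trailer:
        return None
    best = None
    for magic, name in KNOWN_MAGIC.items():
        idx = trailer.find(magic)
        if idx != -1 and (best is None or idx < best[0] - end):
            best = (end + idx, name)
    return best if best else (end, "unknown (%d bytes)" % len(trailer))


def build_sample(payload: bytes = b"") -> bytes:
    """Constructed minimal JPEG skeleton (not a decodable photo): SOI, an APP0
    segment, an SOS header, scan bytes containing a stuffed FF 00 and an RST
    marker, then EOI. `payload` is appended after EOI."""
    app0 = b"\xff\xe0" + (16).to_bytes(2, "big") + b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
    sos = b"\xff\xda" + (8).to_bytes(2, "big") + b"\x01\x01\x00\x00\x3f\x00"
    scan = b"\x12\x34\xff\x00\x56\xff\xd0\x78\x9a"
    return b"\xff\xd8" + app0 + sos + scan + b"\xff\xd9" + payload


# Constructed trailer: DEX magic, then a stray FF D9 to trip the naive check.
FAKE_DEX_TRAILER = b"dex\n035\x00" + b"\xff\xd9" + b"\x00" * 16

if __name__ == "__main__":
    print(find_trailing_payload(build_sample()))
    print(find_trailing_payload(build_sample(FAKE_DEX_TRAILER)))
```

A real dropper would typically read its own asset back, seek to the computed offset and write the trailer out as a .apk or .dex before loading it; the parser above is what you run from the analysis side to find that boundary without trusting a byte search.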
"Android malware is becoming a bigger and bigger problem, of course," Sophos reports. "It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait."
Naturally the best way to avoid this kind of malware is to stick to Google Play, Amazon's Appstore and perhaps GetJar, and to check the developer name before installing. Grabbing apps from other sources is risky business, especially if you see more than one copy of the same app listed together. It also pays to read the permission list before tapping Install: a photo-sharing app has no business asking to send SMS messages, which is exactly the permission a trojan like this one needs.