security

  Advertise on ITWeb         Sun, 01 May, 21:24:13 PM

Android malware targets Instagram

Cyber criminals are using popular mobile applications to trick users into downloading malicious files.

Cashing in on the hype surrounding popular photo-sharing application Instagram, a number of fake versions of the app are doing the rounds online.

Senior technology consultant for Sophos, Graham Cluley, says: “Naturally, the Facebook acquisition news raised Instagram to even higher levels of public awareness and that's where the bad guys stepped in. Cyber criminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users.”

Cluley says if users download the Instagram app from anywhere other than the official Google Play store, or directly from the Instagram Web site, they are running the risk of infecting their smartphones with malware.

One example is a Russian Web site that mimics the look of the Instagram site, and offers users a free download.

“In our tests, the app didn't do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator. Because this is a malicious app that seems to be relying on the sending of background SMS messages to earn its creators revenue,” says Cluley.

Recently, users looking to download Angry Birds Space were also being targeted. Other popular smartphone apps being used in the scheme are Fruit Ninja, Temple Run and Talking Tom Cat.

Fraud analyst for Trend Labs, Karla Agregado, says: “Both the rogue Instagram and Angry Birds Space are detected as ANDROIDOS_SMSBOXER.A. Based on our initial analysis, the malware will ask users to permit the sending of a query using short numbers to supposedly activate the app. In reality, this malware sends a message to specific numbers. The rogue app also connects to specific sites, to possibly download other files onto the device.

“Users are advised to remain cautious before downloading Android apps, especially those hosted on third-party app stores,” says Agregado.

Enjoyed this story? Subscribe to ITWeb's Security News newsletter.

Our comments policy does not allow anonymous postings. Read the policy here




Company news

  to Security newsletter.

 


Top news


Event Videos


: Vodacom talks Security Summit 2016


Vodacom’s Vernon Fryer weighs in on ITWeb’s annual Security Summit, to be held on 17 and 18 May at Vodaworld in Midrand, where world leaders in information security will gather to discuss all the latest risks and preventative measures.

..

ITWeb Security Summit 2016
17-18 May / Vodacom World, Midrand
Steve Jump,  head of corporate information security governance Telkom SA SOC LtdThe science of information security – avoiding murphy's law
Do you have the information security you think you have paid for? And really have the security you need?
Steve Jump, head of corporate information security governance Telkom SA SOC Ltd
Knowing how it should be protected removes risk, secure your seat today!
Event Sponsor Diamond Sponsor