Fake Instagram app infects Android devices with malware

IT security and data protection company, Sophos, is warning Android users about malware being distributed disguised as the popular photo-sharing app, Instagram.

Cyber criminals have created fake versions of the Instagram Android app, which is designed to earn money from unsuspecting users, and have played on the popularity of the application. Recently acquired by Facebook for $1 billion, Instagram has millions of users around the world.

If Android owners download the app from unapproved sources, rather than official sites such as the official Google Play Android marketplace, they run the risk of infecting their smartphones. Once installed, the app will send background SMS messages to premium rate services, earning its creators revenue. Sophos products detect the malware, which has been distributed on a Russian Web site purporting to be an official Instagram site, as Andr/Boxer-F.

“Android malware is becoming an increasingly bigger problem,” says Brett Myroff, CEO of Sophos distributor, NetXactics. “We recently saw a bogus edition of the Angry Birds Space game, and it's likely that whoever is behind this latest malware is also using the names and images of other popular smartphone apps as bait.

“Infected Android devices are now effectively part of a botnet, under the control of malicious hackers, and users need to be extremely careful when downloading applications from sites, especially when they're not official Android markets.”

Curiously, the malware contains a random number of identical photos of a man.

With help from Internet users, Sophos was able to identify that the image comes from a Moscow wedding photograph, where he was dressed a lot more casually than other guests. The man's photo became widespread on Russian Internet forums, making the man something of a celebrity. “There is, however, no reason to believe that he has anything to do with the Android malware attack,” Myroff says.