Tech News

Fake Instagram App Contains Android Malware

April 18, 2012 at 2:09 pm

Just last week we warned you about a fake Angry Birds Space app that’s making the rounds on some third-party app stores, as well as on websites that allege to be official download spots for this popular mobile game. It looks like malicious hacksters are targeting more popular apps, hoping to get some downloads to install their trojans on your device. The latest target is photo sharing service Instagram. When Instagram hit Android it instantly became very popular, with tens of millions of downloads in the first week. Not long after that, it was purchased by Facebook for a hefty $1 billion. Naturally, this raised it up in the public awareness. While a few users chose to abandon the service, many more are joining the ranks of Instagrammers.

If you’re looking to jump on the instawagon, make sure you’re getting if from the Google Play Store, though. Sophos Security warns that some new Android Malware, identified as Andr/Boxer-F, is finding a home on some unofficial app stores, as well as several websites purporting to be an official download spot.

Fake Instagram Site

Downloading the fake app from one of these locations infects your device with malware that has the potential to steal sensitive data from you. Like in the Angry Birds case, this app is downloading some infected jpegs that help to spread the malware. The odd photos are all duplicates of one man, who is as yet unidentified.

Hi. I'm malware.

Sophos surmises that the multiple images can be used to change the “fingerprint” of the APK file, in order to avoid detection by some rudimentary virus scanners. In order to keep yourself safe, make sure you’re only downloading Instagram through an official channel. It’s never a good idea to grab an app from a random Russian website.

To subscribe, like us on Facebook