Security researchers from Trend Micro and Sophos recently uncovered malicious versions of the popular Instagram app for Android. The malware is identified by Sophos as Andr/Boxer-F, and by Trend Micro as ANDROIDOS_SMSBOXER.A.
“The Instagram hype is higher than ever, and malware writers are of course looking to cash in,” writes ZDNet’s Emil Protalinski. “They have set up fake websites advertising fake Instagram apps, which by the way don’t really do a good job of looking like the real Instagram app. The devil is in the details: in the background, the malicious app sends expensive international text messages to earn its creators revenue.”
“Based on our initial analysis, the malware will ask users to permit the sending of a query using short numbers to supposedly activate the app,” writes Trend Micro’s Karla Agregado. “In reality, this malware sends a message to specific numbers. The rogue app also connects to specific sites, to possibly download other files onto the device.”
“Curiously, contained inside the .APK file is a random number of identical photos [of] a man,” notes Sophos’ Graham Cluley. “Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognising the malicious package. We have no idea who the man is or whether there is a reason why his picture has been chosen to include in the download.”
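The padding Cluley describes only defeats a signature that is a hash of the whole .APK. As an added example (not code from Sophos, Trend Micro or the original article), the Python below builds two constructed archives that differ only in how many copies of one photo they carry, then compares a whole-file hash with a fingerprint taken over the distinct entry contents. The entry names, byte strings and the fingerprint scheme are assumptions made for illustration.

```python
import hashlib
import io
import zipfile
from collections import Counter

def build_sample(n_photos):
    """Constructed stand-in for an APK: one code entry plus n identical photos."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        # ZipInfo defaults to a fixed 1980 timestamp, so only the padding differs.
        zf.writestr(zipfile.ZipInfo("classes.dex"), b"constructed-code-bytes")
        for i in range(n_photos):
            zf.writestr(zipfile.ZipInfo(f"res/photo_{i}.jpg"), b"constructed-photo-bytes")
        # Signing metadata lists every entry, so it changes with the padding too.
        zf.writestr(zipfile.ZipInfo("META-INF/MANIFEST.MF"), f"entries={n_photos + 1}".encode())
    return buf.getvalue()

def file_hash(data):
    """Whole-file SHA-256: the 'rudimentary' fingerprint that padding changes."""
    return hashlib.sha256(data).hexdigest()

def entry_digests(data):
    """SHA-256 of each entry's uncompressed content, skipping META-INF/ metadata."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [hashlib.sha256(zf.read(name)).hexdigest()
                for name in zf.namelist() if not name.startswith("META-INF/")]

def content_fingerprint(data):
    """Hash over the sorted set of distinct entry digests.

    Entry names, order and repetition are ignored, so adding more copies of a
    file that is already present does not change the result.
    """
    distinct = sorted(set(entry_digests(data)))
    return hashlib.sha256("".join(distinct).encode()).hexdigest()

def duplicate_payloads(data):
    """Map content digest -> count for content stored under more than one name."""
    return {d: c for d, c in Counter(entry_digests(data)).items() if c > 1}

if __name__ == "__main__":
    for n in (3, 7):
        sample = build_sample(n)
        print(n, "photos | file:", file_hash(sample)[:16],
              "| content:", content_fingerprint(sample)[:16],
              "| duplicated:", list(duplicate_payloads(sample).values()))
```

A high count from `duplicate_payloads` is also a triage signal in its own right, since the same file stored many times under different names serves no purpose for the app.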
“On Google Play, formerly known as Android Market, there are a few apps that take advantage of the Instagram name — Instaroid, InstaPics, Instagram Heaven, and InstaG, among others — but none that appear to spoof it outright in the hopes of pulling in unsuspecting users,” notes PCMag.com’s Chloe Albanesius.