The Inquirer-Home

Fake Instagram app infects Android smartphones

Malware detected on a Russian web site
Thu Apr 19 2012, 13:41

A MALWARE CLONE of the snap happy smartphone app Instagram is infecting Android devices, security firm Sophos has revealed.

The fake version of the popular app was detected by Sophos on a Russian web site and subsequently dubbed "Andr/Boxer-F".

Sophos warned in a Naked Security blog post, "If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone."

Google launched Instagram for Android on its Google Play market just over two weeks ago and since then it has garnered over five million downloads. In the same week, Facebook bought the 13-employee firm for a hefty $1bn. However, after a run of good news, this malware attack is likely to rain on Instagram's parade.

Sophos said that "the Facebook acquisition news raised Instagram to even higher levels of public awareness, and that's where the bad guys stepped in."

Sophos senior technology consultant Graham Cluley told The INQUIRER, "We've seen a number of malicious apps on the Android platform posing as popular legit programs - like Angry Birds Space for instance."

"[The fake Instagram app] has been written to generate income for the bad guys, by sending SMS messages to premium rate services," he explained.

Sophos said it had discovered a random number of identical photos of a man inside the fake Instagram app's Android application package (.APK) file. The security company updated its post later today, saying that Naked Security blog reader @DakotaMistress had pointed it to a Moscow wedding photo depicting a casually-dressed witness with his hands in his pockets.

Sophos learned that the man had become something of an internet phenomenon after his photo was shared widely on Russian internet forums, "but the reality is that it's just a snapshot at a Moscow wedding," Sophos said, deducing that finding the guy will be like looking for an Anonymous hacker. That is, if the wedding guest even has anything to do with the fake app.

The only explanation Sophos could think of as to why this man's picture is included multiple times in the file was to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognising the malicious package.

Yet not all users might be fooled by the phony photo snapping app, as according to Sophos' lab tests the malicious app didn't do the best job of emulating the genuine Instagram software. Sophos said that this might be because it failed to find the correct network operator while relying on sending background SMS messages to earn its creators revenue.

According to Cluley it is also likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait.

Last week, Sophos reported a bogus edition of the Angry Birds Space game that was being used in another attack, highlighting the fact that mobile operating systems, especially Android, are becoming increasingly vulnerable.

When asked why the Google Play market in particular is much more susceptible to these kinds of malware, Cluley explained, "The issue is that Apple runs a much tighter ship when it comes to apps. You have to go to quite a lot of effort to install apps from unauthorised sources on your iPhone, but on Android it's a doddle."

"As a result, it's easy for Android users to pick up apps from dodgy sources, which have not been vetted, and could be malicious," he added. µ


Share this:

blog comments powered by Disqus
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

INQ Poll

Happy new year!

What tech are you most looking forward to in 2015