SECURITY VENDOR Symantec has warned of a scam targeting Instagram users via Facebook in the form of an application called "Instagram for PC".
The security firm claims that over 4,000 people have posted about the "Instagram for PC" website on Twitter and Facebook, while over 2,000 have shared it on Google+, for a total of over 10,000 social shares.
The application claims to run Instagram in an emulator so PC users can access the service without a phone.
When checking out the application for shifty activity, Symantec Security Response manager Satnam Narang found that there were two separate downloads available of "Instagram for PC", both of which seemed suspicious upon closer inspection.
The first version of the application Narang found was downloaded in the form of a large RAR archive that bundled a series of dynamic link library (.dll) files along with the supposed application. This included a rather fishy-smelling Missing Dynamic Link Library (.dll) file.
"When a user attempts to run the application, they will be greeted with what looks like a login screen for Instagram. In reality, this login screen is a fake. If a user tries to log in, they receive a phony 'Fatal error 2.4.5' message, claiming there is a missing .dll file," Narang explained in a blog post on Tuesday.
The fatal error message asks the user if they would like to download the missing file. If the user then selects Yes in the dialog box, they are redirected to a page that discusses the error and how it can be fixed.
"The language used to explain the error is fishy. Not only that, but the page claims that if the download won't work, the user should click a variety of social sharing options before trying the download again."
When a user tries to download the missing .dll file, they're then asked to fill out a survey.
"This is just another vehicle for the scammers to convince users to fill out surveys, so they earn money through shady affiliate [programmes]," Narang warned.
The second suspicious download of "Instagram for PC" found by Symantec insists that users "Activate Instagram" for the app to work.
"The most recent version of Instagram for PC now claims that in order for the application to work, the user needs to 'activate' Instagram. At the bottom of the application, there's even a warning in red text that the service is 'not activated'," Narang wrote.
Clicking on a "click here to activate" box results in a new pop-up window that again asks the user to "complete a quick offer or survey" in order to activate Instagram.
"Both of the supposed versions of Instagram for PC do not deliver as promised," Narang warned.
Although there was no malicious functionality bundled with the software, such as a keylogger or backdoor, users who want to access Instagram from their desktop machines should steer clear of this malicious application, Symantec warned, as the photo sharing website can simply be accessed at instagram.com anyway.
"If you are a social network user, be wary of scammers trying to find ways to convince you to provide your login details, install applications, or copy and paste code into web pages," Narang said. "Do not click on suspicious links and report any suspicious links using the reporting functionality within Facebook and other social networks. These are all tactics that have been used time and time again because they work."