12:23 GMT, 19 April 2012
12:24 GMT, 19 April 2012
If you’ve downloaded the hit app Instagram for Android, you could be in for a huge mobile phone bill.
A ‘clone’ site offers an infected version of the Android app which sends SMS messages to premium services, running up enormous bills.
The app has millions of users around the world, and was recently acquired by Facebook for $1 billion.
The application sends secret SMS messages to premium numbers, leaving users with enormous bills
A fake site offering Instagram has infected Android users with an app that sends SMS messages to premium numbers, running up enormous bills
The app is filled with images of this ‘mystery man’ – a joke from Russian internet forums
Rather surreally, the app is also filled with pictures of a Russian ‘mystery man’ – apparently a cult joke on Russian websites, from a photo showing a casually dressed man at a Russian wedding.
Android users are at risk if they downloaded the app from sites other than the official Google Play market.
The malicious software was picked up by anti-virus company Sophos.
‘Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users,’ says Graham Cluley, senior technology consultant at Sophos.
‘Cybercriminals have played on the popularity of the Instagram app – which
If Android owners download the app from unapproved sources, rather than official sites such as the official Google Play Android marketplace, they run the risk of infecting their smartphone.’
The app is also filled with images of a man (far right) whose image is often traded on Russian internet forums
Less fun than it seems: The app looks identical to the real game – and even works – but infects phones with malicious software
‘Once installed, the app will send background SMS messages to premium rate services earning its creators revenue. Sophos products detect the malware, which has been distributed on a Russian website purporting to be an official Instagram site, as Andr/Boxer-F.’
‘Android malware is becoming a bigger and bigger problem,’ said Graham Cluley, senior technology consultant at Sophos.
‘Just last week, we saw a bogus edition of the Angry Birds Space game and it’s quite likely that whoever is behind this latest malware are also using the names and images of other popular smartphone apps as bait.’
Unlike phones running Apple’s iOS, Android handsets can install and run apps from any source.
leaves them vulnerable to malicious software – and even Google’s Play
store often has ‘fake’ apps which infect phones with malicious apps.
Here’s what other readers have said. Why not
debate this issue live on our message boards.
The comments below have not been moderated.
Please red arrow this if you want, but oh, it reminds me of all the reasons I fled PC’s years ago to the dark side, Apple. Not that I’m blowing a trumpet for them, Apple still makes me pull my wool out at times! It’s not pc snobbery, I just feel safer with iPad and Mac, especially doing online banking. Though iPad and Mac users still have to be vigilant!!!!
I’m just glad that i’ve still got a PHONE which only makes and receives calls – fancy that! – Chris, Cheshire, 20/4/2012 00:58 Well if you upgraded you could post your inane comments from your PHONE – fancy that!
The solution to prevent software like this from being installed is to only use apps from the Google site and to install decent security software on your phone. There are lots of security apps out there, the most effective tend to be from the well known PC security software makers.
You’d have to be silly to accept the permissions when installing this then.
Also who downloads content from non official places unless they know what they’re doing?
I’m just glad that i’ve still got a PHONE which only makes and receives calls – fancy that!
So, in other words almost no Instagram users have been “hit” by this fake app as the OVERWHELMING majority will have downloaded the app from the legitimate Google Play Store. Thanks for not exaggerating the problem. Phew!
Sorry, if you’re too stupid to install an app like that, with those unnecessary permissions, you deserve to get robbed.
Can someone please translate what `Geroge, Leeds` is trying to say??
Never give out your phone number online.
Many fake apps and dodgy sites will exhort you to ‘STOP’ the messages by texting a number, but this is the same thing.
End of the day, this is only going to affect the sort of person that when installing something on their home PC hits next to all the install questions without reading them and then wonders why they’ve got a million toolbars / spam pop-ups in Internet Explorer.
All apps weather from external sites lists all the permissions it requires access to. If you going to install a screen saver that needs access to “services that cost you money” then you deserve all you get!
There are a lot of people out their with IPhones Jail Broken who face the same perils, so this isn’t really android specific in my opinion.
The views expressed in the contents above are those of our users and do not necessarily reflect the views of MailOnline.
We are no longer accepting comments on this article.