The release of an Android app and the $1 billion Facebook acquisition have put Instagram in the headlines of late, and not surprisingly, cyber scammers have already moved in to capitalize on this popularity.
Security firm Sophos identified several fake Instagram apps across the Web, which are intended to “earn money from unsuspecting users,” analyst Graham Cluley wrote in a blog post.
Cluley pointed to a Russian website that claimed to offer the Android version of the Instagram app. But “If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone,” Cluley wrote.
In testing the app, Cluley said Sophos found that the fake app was sending background SMS messages in order to earn revenue for its creators. Overall, it did a poor job of emulating the Instagram experience.
The malware in the app is known as Andr/Boxer-F.
The discovery comes shortly after Sophos also identified fake Angry Birds Space apps. “It’s quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait,” Cluley wrote.
Oddly, Sophos points out, the fake Russian Instagram app includes a photo of an unidentified man in the .APK file, who looks vaguely like Will Ferrell.
“Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognizing the malicious package,” Cluley speculated.
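The fingerprint point above can be checked from the scanner's side. The following is an added example, not code from Sophos or from the original article: it builds two constructed ZIP archives standing in for APKs (all byte strings, entry names and function names are assumptions), shows that extra copies of one image change the whole-file hash, and shows that hashing each entry separately still matches the code and exposes the repeated image.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

# Constructed placeholder bytes; not taken from any real sample.
SAMPLE_DEX = b"constructed bytes standing in for classes.dex"
SAMPLE_IMG = b"constructed bytes standing in for the repeated photo"
KNOWN_BAD_CODE = {hashlib.sha256(SAMPLE_DEX).hexdigest()}

def build_apk(dex: bytes, image: bytes, copies: int) -> bytes:
    """Build an in-memory ZIP with one code entry and `copies` identical images."""
    buf = io.BytesIO()
    stamp = (2012, 1, 1, 0, 0, 0)  # fixed timestamp keeps the output deterministic
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(zipfile.ZipInfo("classes.dex", stamp), dex)
        for i in range(copies):
            z.writestr(zipfile.ZipInfo(f"res/drawable/pic{i}.jpg", stamp), image)
    return buf.getvalue()

def file_digest(apk: bytes) -> str:
    """Whole-file fingerprint: changes whenever any entry is added."""
    return hashlib.sha256(apk).hexdigest()

def entry_digests(apk: bytes) -> dict:
    """SHA-256 of each entry's uncompressed content, keyed by entry name."""
    with zipfile.ZipFile(io.BytesIO(apk)) as z:
        return {n: hashlib.sha256(z.read(n)).hexdigest() for n in z.namelist()}

def duplicate_entries(apk: bytes) -> list:
    """Groups of entry names whose content is byte-identical (possible padding)."""
    groups = defaultdict(list)
    for name, digest in entry_digests(apk).items():
        groups[digest].append(name)
    return [sorted(names) for names in groups.values() if len(names) > 1]

def scan(apk: bytes, known_bad_code: set) -> dict:
    """Match on the code entry's digest and report repeated content."""
    digests = entry_digests(apk)
    return {
        "code_match": digests.get("classes.dex") in known_bad_code,
        "padding": duplicate_entries(apk),
    }

if __name__ == "__main__":
    for copies in (1, 4):
        apk = build_apk(SAMPLE_DEX, SAMPLE_IMG, copies)
        print(copies, file_digest(apk)[:16], scan(apk, KNOWN_BAD_CODE))
```
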
On Google Play, formerly known as Android Market, there are a few apps that take advantage of the Instagram name – Instaroid, InstaPics, Instagram Heaven, and InstaG, among others – but none that appear to spoof it outright in the hopes of pulling in unsuspecting users.
Android malware was big news in 2011. Unlike Apple, Google does not have a strict approval process in place for its Android Market, and while that might make for a more open environment, it also makes the store vulnerable to some dangerous apps.
To address this issue, Google in February added a new layer of security to Google Play, dubbed Bouncer, that will scan apps for evidence of malware.
For more from Chloe, follow her on Twitter @ChloeAlbanesius.
Article source: http://www.pcmag.com/article2/0,2817,2403207,00.asp