It was almost inevitable. Trying to capitalize on the mega-popular photo sharing application Instagram, the first reported batch of cybercriminals have created a fake version of the Android (News - Alert) app that tries to steal money from victims.
Mashable reported the news today, which originally broke at the website Naked Security, a research/news site owned by Sophos. The fake Instagram app is available for Android devices, and it reportedly tries to steal money via fake SMS text messages sent after the app is downloaded. Sophos didn’t say exactly how and where the criminals try to get the victim to send money, but it’s most likely some sort of “premium” service offer or something related to trick users into sending money.
The fake Android app contains malware, which affects the Android device itself. Sophos testing found it contained the Trojan Andr/Boxer-F. It also found several versions of a photo of a man in the .APK file, which was very peculiar. Sophos states it’s probably some sort of attempt to fool antivirus programs.
The fake app appears to be created by Russian cybercriminals due to the fact it is downloadable at a Russian website. The best way to avoid downloading the fake app is to only download Instagram from the Google (News - Alert) Play marketplace.
The real Instagram Android app currently has more than five million downloads since it originally launched recently at the Google Play marketplace.
The announcement of the fake Instagram app comes on the heels of news of a fake version of the Android Angry Birds Space game circulating the Internet last week. This malicious app installs a Trojan horse on the infected Android phone, which gives cybercriminals control of the phone and information in it. Only downloading apps from the Google Play marketplace, and not individual websites, is the best way to prevent these types of attacks.
Edited by Jennifer Russell