Fake Instagram app infects Android devices with malware

Tempted to try out the much talked about Instagram app? Well, be careful where you get it from – as malware authors are distributing malware disguised as the popular app.

It’s a rain cloud on a summer’s day for the Instagram photo-sharing smartphone app, which is otherwise having a glorious time right now.

First of all, Instagram released a first version for Android and managed to get five million downloads in less than a week.

Then the 13-employee firm managed to sell itself to Facebook for a cool $1 billion, making some of us wonder about privacy, and others think – “to heck with that, do I have a program that’s never earnt any money that I might be able to flog to Mark Zuckerberg?”.

Naturally, the Facebook acquisition news raised Instagram to even higher levels of public awareness and that’s where the bad guys stepped in.

Cybercriminals have created fake versions of the Instagram Android app, designed to earn money from unsuspecting users.

Here’s a Russian website which purports to offer the Instagram app:

Fake Instagram website

If you download your app from this site, rather than an official Android marketplace such as Google Play, then you are running the risk of infecting your smartphone.

Permissions requested by fake Instagram app

In our tests, the app didn’t do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator. This is a malicious app that seems to rely on sending background SMS messages to earn its creators revenue.

Sophos products detect the malware as Andr/Boxer-F.

Android malware is becoming a bigger and bigger problem, of course. Just last week we reported on a bogus edition of the Angry Birds Space game that was being used in another attack.

It’s quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait.

Photo inside malicious app

Curiously, contained inside the .APK file is a random number of identical photos of a man.

Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognising the malicious package.
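To see why padding of this kind defeats a whole-file hash but not a content-based check, here is an added example (not from the original article or from any Sophos product). It builds constructed stand-in archives with placeholder bytes, compares their whole-file hashes, and compares a fingerprint computed over the distinct entry contents; all function names are hypothetical.

```python
import hashlib
import io
import zipfile


def build_sample_apk(photo_copies: int) -> bytes:
    """Build a constructed stand-in for an APK (a ZIP) padded with identical photos."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("classes.dex", b"constructed placeholder for the app code")
        zf.writestr("AndroidManifest.xml", b"constructed placeholder manifest")
        for i in range(photo_copies):
            # Same bytes under different names, as the article describes.
            zf.writestr(f"res/drawable/photo_{i}.jpg", b"constructed placeholder photo")
    return buf.getvalue()


def file_hash(apk: bytes) -> str:
    """Whole-file SHA-256: the fingerprint a rudimentary scanner would match on."""
    return hashlib.sha256(apk).hexdigest()


def content_fingerprint(apk: bytes) -> str:
    """Hash the set of distinct entry contents, ignoring names and duplicates."""
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        digests = {hashlib.sha256(zf.read(name)).hexdigest() for name in zf.namelist()}
    return hashlib.sha256("\n".join(sorted(digests)).encode()).hexdigest()


def duplicate_groups(apk: bytes) -> dict:
    """Map content digest -> entry names, for contents that appear more than once."""
    groups = {}
    with zipfile.ZipFile(io.BytesIO(apk)) as zf:
        for name in zf.namelist():
            groups.setdefault(hashlib.sha256(zf.read(name)).hexdigest(), []).append(name)
    return {d: names for d, names in groups.items() if len(names) > 1}


if __name__ == "__main__":
    a, b = build_sample_apk(3), build_sample_apk(7)
    print("file hashes equal:         ", file_hash(a) == file_hash(b))
    print("content fingerprints equal:", content_fingerprint(a) == content_fingerprint(b))
    print("duplicated entries in b:   ", sum(len(n) for n in duplicate_groups(b).values()))
```

The two samples differ only in how many copies of the photo they carry, so their file hashes differ while the content fingerprint stays the same, and the repeated entries themselves become a signal worth flagging.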

We have no idea who the man is or whether there is a reason why his picture has been chosen to include in the download.

Could he be the malware author? A family friend? A celebrity? Someone who the malware author has a bone to pick with?

If you have any thoughts on this perplexing aspect to the case, please let us know by leaving a comment.

Update:
Thanks to reader @DakotaMistress (and others), who pointed us in the direction of this Moscow wedding photo – with a rather casually-dressed witness, with his hands in his pockets:

Picture of Moscow wedding

It seems the man pictured became something of an internet phenomenon after his photo was shared widely on Russian internet forums. But the reality is that it’s just a snapshot at a Moscow wedding.

We’ve all seen someone dressed a little too casually at a wedding before, so it’s probably something that we can all relate to. :)


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
