Android malware writers exploit Instagram craze to distribute SMS Trojan horse

Fake Instagram websites distribute Android Trojan horse that sends SMS messages to premium-rate numbers

In an attempt to take advantage of the popularity of free photo-sharing app Instagram among smartphone users, malware writers have created fake Instagram websites to distribute Android Trojan horses, according to security researchers from antivirus firms Sophos and Trend Micro.

Originally developed for Apple's iOS devices, Instagram allows smartphone users to take photos, apply various digital filters to them and share the resulting images on social networking websites. There are over 30 million registered Instagram accounts as of April 2012, according to its creators.

At the beginning of April, an Android version of the app was released on Google Play and it was downloaded more than one million times during the first 12 hours.

The company that developed Instagram was acquired by Facebook for almost US$1 billion on April 12, which attracted the attention of the media and, as it usually happens with popular events, that of cybercriminals.

"We discovered a spoofed web page containing a rogue version of Instagram," Trend Micro fraud analyst Karla Agregado said in a blog post on Tuesday. "The said web page mimics Instagram‘s legitimate download page."

The fake Instagram website contains text in Russian and distributes an Android Trojan horse that, once installed, sends SMS messages to premium-rate numbers without the phone owner's authorization, said Graham Cluley, senior technology consultant at Sophos, in a blog post on Wednesday.

The rogue app's installer, also called the APK, contains several pictures of a man that has been the subject of a photobomb-type meme in Russia. A large number of random images with this man's picture digitally added into them can be found on Russian websites.

It's not clear why the creators of this Android malware decided to include this photo into the malicious APK, but it isn't the first time this has been done. In February, security researchers from Symantec reported about server-side polymorphic Android malware that contained the same picture.

"It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait," Cluley said.

Last week, security researchers from Sophos reported about a similar piece of Android malware that masqueraded as the new Angry Birds Space game in order to trick users into installing it on their phones.

Trend Micro researchers have seen several fake websites during the past few days that masquerade as download pages for popular games like Fruit Ninja, Temple Run or Talking Tom Cat, Agregado said. "Users are advised to remain cautious before downloading Android apps, specially those hosted on third-party app stores."

CHANNEL CHOICE: Vote Now for your favourite in the three categories: Vendor, Distributor and Reseller. Voting closes August 8.

More about AppleFacebookGoogleSophosSymantecTrend Micro

ARN Directory | Distributors relevant to this article

ARN Directory | Vendors relevant to this article

Comments

Comments are now closed

 

Latest News

11:44AM
Vodafone re-allocates 850MHz 4G spectrum a week after Telstra and Optus 700MHz l...
11:40AM
Sitecore tackles Western Australia with Velrada partnership
10:32AM
Email to make way for automation: KPMG
09:14AM
Huawei targets European football Clubs with FanPlay partnership
More News
29 Jul
SplunkLive!; Canberra
05 Aug
Systems Technology Day - Build Your Own Private Cloud
06 Aug
Oracle Employee Experience Journey Mapping Workshops
20 Aug
Westcon Group Imagine 2014 - Melbourne
View all events