Android malware writers exploit Instagram craze to distribute SMS Trojan horse

Fake Instagram websites distribute Android Trojan horse that sends SMS messages to premium-rate numbers

In an attempt to take advantage of the popularity of free photo-sharing app Instagram among smartphone users, malware writers have created fake Instagram websites to distribute Android Trojan horses, according to security researchers from antivirus firms Sophos and Trend Micro.

Originally developed for Apple's iOS devices, Instagram allows smartphone users to take photos, apply various digital filters to them and share the resulting images on social networking websites. There are over 30 million registered Instagram accounts as of April 2012, according to its creators.

At the beginning of April, an Android version of the app was released on Google Play and it was downloaded more than one million times during the first 12 hours.

The company that developed Instagram was acquired by Facebook for almost US$1 billion on April 12, which attracted the attention of the media and, as it usually happens with popular events, that of cybercriminals.

"We discovered a spoofed web page containing a rogue version of Instagram," Trend Micro fraud analyst Karla Agregado said in a blog post on Tuesday. "The said web page mimics Instagram‘s legitimate download page."

The fake Instagram website contains text in Russian and distributes an Android Trojan horse that, once installed, sends SMS messages to premium-rate numbers without the phone owner's authorization, said Graham Cluley, senior technology consultant at Sophos, in a blog post on Wednesday.

The rogue app's installer, also called the APK, contains several pictures of a man that has been the subject of a photobomb-type meme in Russia. A large number of random images with this man's picture digitally added into them can be found on Russian websites.

It's not clear why the creators of this Android malware decided to include this photo into the malicious APK, but it isn't the first time this has been done. In February, security researchers from Symantec reported about server-side polymorphic Android malware that contained the same picture.

"It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait," Cluley said.

Last week, security researchers from Sophos reported about a similar piece of Android malware that masqueraded as the new Angry Birds Space game in order to trick users into installing it on their phones.

Trend Micro researchers have seen several fake websites during the past few days that masquerade as download pages for popular games like Fruit Ninja, Temple Run or Talking Tom Cat, Agregado said. "Users are advised to remain cautious before downloading Android apps, specially those hosted on third-party app stores."

CHANNEL CHOICE: Vote Now for your favourite in the three categories: Vendor, Distributor and Reseller. Voting closes August 8.

More about AppleFacebookGoogleSophosSymantecTrend Micro

ARN Directory | Distributors relevant to this article

ARN Directory | Vendors relevant to this article

Comments

Comments are now closed

 

Latest News

12:20PM
Zendesk expands Melbourne operation
12:18PM
Planet Tel acquires Via IP to move into wholesale aggregation
11:18AM
Apple grows Mac sales by 18 per cent on the back of the MacBook Air
10:45AM
Vodafone relying on high-value subscribers amid 137,000 customer loss
More News
23 Jul
Dell Connected Security: Listen to what the experts have to say about security
24 Jul
The Rise of the Challenger Marketer
24 Jul
Veeam’s Crazy 8 Roadshow
24 Jul
Executive Sales Breakfast Briefing
View all events