Android malware writers exploit Instagram craze with SMS Trojan
Fake Instagram websites distribute Android Trojan horse that sends SMS messages to premium-rate numbers
By Lucian Constantin | Published: 09:48, 20 April 2012
Malware writers have created fake Instagram websites to distribute Android Trojan horses, according to security researchers from antivirus firms Sophos and Trend Micro.
Originally developed for Apple's iOS devices, Instagram allows smartphone users to take photos, apply various digital filters to them and share the resulting images on social networking websites. There are over 30 million registered Instagram accounts as of April 2012, according to its creators.
At the beginning of April, an Android version of the app was released on Google Play and it was downloaded more than one million times during the first 12 hours, and now malware writers are trying to take advantage of the popularity of free photo-sharing app.
Related Articles on Techworld
The company that developed Instagram was acquired by Facebook for almost $1 billion on April 12, which attracted the attention of the media and, as it usually happens with popular events, that of cybercriminals.
"We discovered a spoofed web page containing a rogue version of Instagram," Trend Micro fraud analyst Karla Agregado said earlier this week. "The said web page mimics Instagram‘s legitimate download page."
The fake Instagram website contains text in Russian and distributes an Android Trojan horse that, once installed, sends SMS messages to premium-rate numbers without the phone owner's authorisation, said Graham Cluley, senior technology consultant at Sophos.
The rogue app's installer, also called the APK, contains several pictures of a man that has been the subject of a photobomb-type meme in Russia. A large number of random images with this man's picture digitally added into them can be found on Russian websites.
It's not clear why the creators of this Android malware decided to include this photo into the malicious APK, but it isn't the first time this has been done. In February, security researchers from Symantec reported about server-side polymorphic Android malware that contained the same picture.
"It's quite likely that whoever is behind this latest malware campaign is also using the names and images of other popular smartphone apps as bait," Cluley said.
Last week, security researchers from Sophos reported about a similar piece of Android malware that masqueraded as the new Angry Birds Space game in order to trick users into installing it on their phones.
Trend Micro researchers have seen several fake websites during the past few days that masquerade as download pages for popular games like Fruit Ninja, Temple Run or Talking Tom Cat, Agregado said. "Users are advised to remain cautious before downloading Android apps, specially those hosted on third-party app stores."