Finally, after what seemed like an eternity of waiting, Android users recently got their hands on a version of Instagram they could call their own. The photo filter and sharing app was a runaway success with iPhone users, and it’s been one of the hottest apps in Google Play since it launched. Popularity comes at a price sometimes, and on the Android platform that price is often the rise of knock-off malware apps.
Sophos has spotted a Russian website that pretends to be offering visitors an Instagram download, but it’s a wolf in sheep’s clothing. Once installed, the fake app tries to line its creators’ pockets and rack up charges via background SMS messages.
But before we all board the “Android malware is a massive problem” train, it’s important to note that this fake Instagram app can only be installed if users have flipped the switch to allow unofficial sources. If you stick to stores like Google Play and Amazon Appstore, you’re not going to run into this Trojan — or many other malicious apps for that matter. If you roam the web and download .APK files from questionable websites without giving a second thought to security, you’re asking for trouble.
While poseur malware is certainly a problem, there are plenty of other folks much more concerned that the official Instagram app may have crossed over to the dark side. Everyone’s favorite little photo app is now owned by Mark Zuckerberg and company, following the highly-publicized $1 billion acquisition of the 13-employee shop.
More at Sophos
