Instagram has made a lot of headlines lately, mostly in regard to Facebook's purchase of the company for a reported $1 billion. What has gotten considerably less coverage, however, is the fact that cybercriminals have started using the Instagram name to find new ways to deliver Trojan horse software to Android smartphone users.
The scammers have set up a fake Instagram website that mimics the real thing, though the fake site has text in Russian instead of English. A download link on the page downloads and installs an altered version of the Android Instagram app which has a nasty surprise hidden inside. Once installed, the fake Instagram app begins sending SMS text messages from the user's phone to premium service numbers without the user's knowledge or consent. Scammers earn a commission on these messages, of course.
As if that weren't enough, there are a few fishy things about the fake Instagram app as well. The app does allow users to view pictures, but the pictures contain altered versions of photographs that have had a Russian man added to them digitally; the pictures are part of a popular "photobomb" meme in Russia where the man is added to the background of a wide variety of scenes. The meme is popular enough that its pictures have actually shown up in malware before, including some of the same pictures that are included with the Instagram app.
Similar Trojans have been discovered recently that mimic other popular apps, including the new Angry Birds Space game and other games such as Fruit Ninja and Temple Run. The creators of the malware try to take advantage of whatever is popular at the time, making some quick money at the expense of those who are interested in taking part in the latest game or app craze. If the app doesn't appear to work, users might assume that the cut-rate version is simply broken and not give it a second thought until they start getting huge bills from their cellular providers from premium text messaging charges.
As mobile operating systems become more popular on both cell phones and tablets, it's more important than ever to make sure that you only install apps from trusted locations such as the Android Marketplace, the Windows Phone Store and the iTunes Store. It's incredibly easy for tech-savvy cybercriminals to create professional-looking spoof sites that claim to offer popular software at a discount, only to provide you with malware and spyware instead. Some may not be as obvious as the Instagram malware, either; instead of racking up SMS charges and showing photobombed images, installed spyware might simply raid your contacts to feed spam lists or steal passwords when you log in to Facebook or mobile banking accounts. (See images)
In 2011, an estimated 500 million smartphones and tablets were sold. According to Trend Micro, every second five new threats against computers are released by cybercriminals. Smartphones and tablets are nothing more than mini-computers. If you haven't taken the time to secure your smartphone and its content --you should do so now. If not now, when?
To find out more info on how to prevent downloading malicious apps and other safety tips, you may want to read the following e-guides:
•5 Simple Steps to Secure Your Android-Based Smartphones
•When Android Apps Want More Than They
NEWSLETTER SIGN UP
SUBSCRIBE
CONTACT
Leave a comment