April has been a big month for Instagram. The popular sharing service was bought by Facebook for $1 billion dollars, shortly after opening their platform to Android devices. Now the app that allows smartphone users to add a little extra to their amateur photography was used to deliver a little extra to unsuspecting Android users.
Sophos’ blog nakedsecurity warns that illegitimate versions of the Instagram app are in the wild, with the Andr/Boxer-F malware attached. This marks two popular apps that have been copied, altered and distributed with Trojans in the past week. It is likely that there are other infected copycat apps lurking about, so make to keep an eye on where you’re downloading your apps from.
According to nakedsecurity, one illegitimate distributor of Instagram was a Russian website posing as Instagr.am. In addition to the Andr/Boxer-F malware that sends text messages from the infected phone to earn the creators revenue, nakedsecurity found that the APK files contain a random number of identical photos of a man, taken from a Russian forum meme.
That’s right, the infected Russian version of Instagram sends wedding pictures from the Internet to you.
Don’t download apps from shady sources when you can snag them from Google Play or other trusted sites. Unless you have a reason, such as to snag a root tweak, it’s an unnecessary risk. You can get the official release of Instagram from the Google Play market for FREE, from the developer ID’d as Instagram.
If you’ve seen another suspicious APK package floating around, or if you’re just an aficionado of Russian memes, let us know in the comments section below.