Android Users Targeted with Rogue Instagram Apps

Ever since Facebook purchased Instagram, the photo-sharing application’s popularity has increased considerably. As we said on past occasions, an app’s growing popularity makes cybercriminals focus their attention on it to launch malevolent schemes.

Security researchers from Trend Micro found a website that advertises a “free download” of the Instagram app. In reality, users who take the bait and click on the download link are served an APK file that hides a piece of malware.

The most worrying part about this rogue website is that it closely resembles the legitimate Instagram site that offers the genuine mobile application.

The same experts also came across a shady site that offers the Angry Birds Space application for Android devices.

This is not the first time we have learned of fake Angry Birds Space games, but last time, when we found out about them from Sophos, the malicious apps were being served from unofficial Android markets.

Now, they’re served on websites that were specially developed to host the phony programs, identified by Trend Micro security solutions as ANDROIDOS_SMSBOXER.A.

In this particular scenario, both sites are designed to target Russian-speaking users, but they can be easily modified to target internauts worldwide.

“Based on our initial analysis, the malware will ask users to permit the sending of a query using short numbers to supposedly activate the app. In reality, this malware sends a message to specific numbers. The rogue app also connects to specific sites, to possibly download other files onto the device,” Karla Agregado, fraud analyst at Trend Micro, wrote.

Apparently, these are not the only apps served on Russian websites. Researchers have also found that the popularity of applications such as Fruit Ninja, Temple Run and Talking Tom Cat is being leveraged in similar schemes.

Once again, we take this opportunity to remind everyone never to download software designed for Android devices from untrusted sources, even if they visually resemble legitimate ones.
