News that Facebook was buying Instagram, a free photo sharing program, for $1 billion in cash and stock, had the same effect on cybercriminals as bloody chum in the water has on sharks.
Suddenly fake websites advertising Instagram apps for Androids started turning up faster than musicians at a free post-concert buffet (If you’re wondering how fast that is, get in a position to watch a table full of free food after a concert. But, don’t get too close. We wouldn’t want you to get hurt in the rush.)
Anyway, these fake websites advertised free Instagram app uploads which hid Trojans that had users sending outrageously expensive international text messages. Presumably the creators of the malware made their money by getting a percentage.
According to zdnet.com, Sophos, which first discovered the malware, identified it as “Andr/Boxer-F”. Noting multiple photos of a man in the apk file (a packaging file format for the Android operating system), the company speculated that the photos were included more than once to change the fingerprint of the file, trusting that rudimentary anti-virus scanners wouldn’t be able to detect the difference in fingerprints.
While these cybercriminals may not be the smartest people technologically, they do know a good thing when they see one. zdnet.com reported, “A day after the acquisition announcement, Instagram became the top free iPhone app on Apple’s App Store, and Android downloads have been off the charts (way over 5 million in less than a week, though Instagram has yet to share official numbers).”