The app is made to look like Instagram and can be found in app stores other than Google Play, Google’s official Android app market. Once downloaded, the app infects mobile devices with malware that sends SMS text messages, Mashable reports.
The knock-off was first discovered by security site Sophos, which found that the app can be identified by a telltale sign, if you know where to look. Inside the app’s .APK file, which users can access with a file manager application, are several strange photo files. These are actually a picture of a man identified in a Russian Internet meme, popular in the apparent country of the malware’s origin. Sophos speculates that they were included in the .APK file to change the way the file looks to virus scan software and throw security programs off the app’s scent.
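One way to look for the photo-file sign described above without browsing the package by hand, as an added example that is not from Sophos or the original article: an APK is a ZIP archive, so the script hashes its image entries and reports any picture stored more than once. It assumes the repeated pictures are byte-identical copies, which the article does not state; the sample archive, its entry names and the size limit are constructed for illustration.

```python
import hashlib
import io
import zipfile
from collections import defaultdict

IMAGE_EXTS = (".jpg", ".jpeg", ".png", ".gif")
MAX_IMAGE_BYTES = 20 * 1024 * 1024  # assumed cap so a hostile archive cannot exhaust memory

def duplicate_images(apk_bytes):
    """Return {sha256: [entry names]} for image content stored more than once."""
    by_hash = defaultdict(list)
    with zipfile.ZipFile(io.BytesIO(apk_bytes)) as apk:
        for info in apk.infolist():
            if info.is_dir() or not info.filename.lower().endswith(IMAGE_EXTS):
                continue
            if info.file_size > MAX_IMAGE_BYTES:
                continue  # declared size too large to hash safely; review by hand
            digest = hashlib.sha256(apk.read(info)).hexdigest()
            by_hash[digest].append(info.filename)
    return {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}

def build_sample_apk():
    """Constructed sample: a tiny ZIP standing in for an APK (not a real app)."""
    picture = b"\xff\xd8\xff\xe0" + b"constructed-sample-picture" * 8
    icon = b"\x89PNG\r\n\x1a\n" + b"constructed-icon"
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("AndroidManifest.xml", b"<manifest/>")
        z.writestr("classes.dex", b"dex\n035\x00")
        z.writestr("res/drawable/icon.png", icon)
        for i in range(3):  # the same picture under three different names
            z.writestr(f"res/raw/photo_{i}.jpg", picture)
    return buf.getvalue()

if __name__ == "__main__":
    for digest, names in duplicate_images(build_sample_apk()).items():
        print(f"{len(names)} identical images ({digest[:12]}...):")
        for name in names:
            print("   ", name)
```

Repeated images are a lead to follow up with a proper scan, not a verdict on their own.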
Unfortunately, it makes a great deal of sense that cybercriminals would target Instagram. The app has blown up on Android in just the first three weeks since its release on the platform, and Android users had been calling for it pretty much since its original release on Apple’s iOS platform. After more than a year as an iOS-exclusive app, becoming extremely popular and garnering a community of more than 30 million users, Instagram hit Android. It pulled down 5 million downloads in just its first three weeks of existence.
Instagram’s success hasn’t been limited to its mobile apps, either. Just days after rumors of a $500 million valuation that would have brought the company lots of fresh investment capital, Instagram was bought by Facebook to the tune of $1 billion. All that recent success makes it a prime target for criminals.
The best defense against downloading a malicious version of Instagram, or any app, is to have quality malware-scanning software on your Android device. It’s also good to be very sure of what app you’re downloading. In the case of Instagram, downloading it from Google Play is the best way to know you’re getting the right app.