If there is one thing our readers should avoid, it is getting their apps and games from unofficial sources (read as cracked, patched etc. etc.). We yesterday reported the popular Angry Birds loaded with malware being offered at some places other than Google Play Store. This time it is Instagram, the popular photo sharing app whose parents have just been bought by Facebook for a whopping $1 Billion.
Sophos analyzed the app and found out the following
In our tests, the app didn’t do a very good job of emulating the genuine Instagram app, but that may be because it failed to find the correct network operator. Because this is a malicious app that seems to be relying in the sending of background SMS messages to earn its creators revenue.
Sophos products detect the malware as Andr/Boxer-F.
Curiously, contained inside the .APK file is a random number of identical photos a man.
Maybe the reason why his picture is included multiple times is to change the fingerprint of the .APK in the hope that rudimentary anti-virus scanners might be fooled into not recognising the malicious package.
Easy cash from unsuspecting users who use popular apps is an age old trick, but always delivered promisingly functional.
Even if you have gone on the wrong side of the road, you should immediately uninstall the app and perform a thorough scan using a good antivirus. It is better not to have an app than to lose loads of money.
What do you think???