According to Sophos' senior technology consultant, Graham Cluley, cybercriminals have played on the popularity of the Instagram app, which has millions of users around the world, and if Android owners download the app from unapproved sources, rather than official sites such as the official Google Play Android marketplace, they run the risk of infecting their smartphone.
'Once installed, the app will send background SMS messages to premium rate services earning its creators revenue,' Cluley says.
"Android malware is becoming a bigger and bigger problem. Just last week, we saw a bogus edition of the Angry Birds Space game and it's quite likely that whoever is behind this latest malware are also using the names and images of other popular smartphone apps as bait. Infected Androids are now effectively part of a botnet, under the control of malicious hackers. Android users need to be extremely careful when downloading applications from sites, especially when they're not official Android markets," Cluley warns.
According to Cluley, Sophos products detect the malware, which he says has been distributed on a Russian website purporting to be an official Instagram site, as Andr/Boxer-F.
'Curiously, the malware contains a random number of identical photos of a man.With help from internet users we were able to identify that the image comes from a Moscow wedding photograph, where he was dressed a lot more casually than other guests. The man's photo became widespread on Russian internet forums, making the man something of a celebrity. There's no reason to believe, however, that he has anything to do with the Android malware attack."