April 19, 2012 at 11:26 AM ET
Attention Android owners: Don't download the Instagram app from anywhere but the authorized Google Play store for Android apps. If you get it from an unknown source, you might risk loading a fake app that uses your phone to send text messages to make money for evildoers, according to a security analyst.
The ever vigilant Graham Cluley, who posts on the Naked Security blog run by the Sophos security software company, has flagged the Andr/Boxer-F Trojan in certain flavors of fake Instagram apps being distributed via private websites, rather than the Google or Instagram sites. One instance shared by Cluley was the official-looking Russian promo seen in the screenshot above.
We probably need not remind you that the malware makers are taking advantage of a frenzy of Instagram app downloading that has occurred since the company opened its floodgates to Android users. I should point out, it's a flood that doesn't seem to have abated with the subsequent news that beloved Instagram would be acquired by unprecedentedly popular but not-so-beloved Facebook for $1 billion.
"Naturally, the Facebook acquisition news raised Instagram to even higher levels of public awareness and that's where the bad guys stepped in," writes Cluley.