Security Threat

More PUPs Sighted, Using Instagram as Lure

With news of Instagram finally beating Twitter in terms of overall usage, it’s high time that we stop, look back, and remind ourselves of the potential dangers lurking on the net specifically crafted to target Instagram users and lurkers alike.

In late March, the digital marketing research and analysis company eMarketers published data pointing out that Instagram surpassed Twitter in terms of active mobile users in the US by 2.7 million.

They expect numbers to steadily grow until at least 2016. For details on how eMarketers came up with and put together their data, we suggest you read their article entitled “Instagram Usage in the US Surges 35% in 2013, Rivals Twitter for Smartphone Audience“.

With reports such as this popping up every now and then, I, for one, can’t help but check for new, possible threats—files and sites alike—that take advantage of a software’s popularity and could spell bad news for users.

In the case of Instagram, what we’ve seen out there could pose greater risk than, say, your average phishing site.

Doing a Google search surely yields sites where one can download several programs involving Instagram. Some of which can either be classed as “image viewers” or “image and video downloaders” publicly-accessible accounts. Most of the files I sampled below belong to the latter:

instagramMostly bundled files

Since Instagram can be visited via Web browsers, we can easily say that these downloads target any Windows computer user who just want to keep copies of photos and videos that are likely not their own.

We ran these potentially unwanted programs (PUPs) on VirusTotal and got the following information:

  • File name: instagramdownloader-
  • SHA256: d6495ffb6a0c388ae4d5b81c16ef4bdaee4604491b21d857d0955378336d4c84
  • Detected as: PUP.Optional.OpenCandy (13/51)
  • File name: instagramdownloader-
  • SHA256: d6495ffb6a0c388ae4d5b81c16ef4bdaee4604491b21d857d0955378336d4c84
  • Detected as: PUP.Optional.OpenCandy (9/51)
  • File name: free-instagram-downloader-230-32-bits.exe
  • SHA256: d65fd9b672bfc1093df20f0b9a7c6f812426c7b45085d04137d07b4a794830ba
  • Detected as: PUP.Optional.InstallCore.A (12/52)
  • File name: Setup_Instagram_Hacker.exe
  • SHA256: ba2211beec48e3ea3e56b2e6374901133829c9451edb17a013cf0e3dadc4b37b
  • Detected as: Trojan.Hacktool.Agent (7/52)
  • File name: instagram-downloader-20-32-bits.exe
  • SHA256: 7a855afccb23dedbb722b322d960b70ff63aa1c4dcdacf7c8c65a6f60748c829
  • Detected as: PUP.Optional.InstallCore (12/51)
  • File name: Instagram_Downloader-2.3.0.exe
  • SHA256: 31538a48a02049d75facecec8d0ba028cbbe0e8e6918dab61346e7cdf926f62f
  • Detected as: PUP.Optional.OpenCandy (13/51)

Of course, users of Malwarebytes Anti-Malware are protected from all these files.

Sample download GUI of one of the filesSample download GUI of one of the files

Internet slowdown, unwanted redirection to sites and possible installation of other programs without the user’s consent are just some of the obvious signs users may experience once these programs are installed.

Like what we always advise our blog readers, please avoid downloading such programs onto your system as doing so will increase its security risks.

Jovi Umawing

2 thoughts on “More PUPs Sighted, Using Instagram as Lure

  1. Mina Salah says on May 8, 2014 at 2:52 am :

    Hi Jovi
    Malwarebytes Anti-Malware doesn’t detect file name: Setup_Instagram_Hacker.exe according to attached link for virus total results & you mentioned that Malwarebytes Anti-Malware detects all of these PUP files

  2. Jovi Umawing says on May 8, 2014 at 5:46 am :

    Hello, Mina Salah :) Sometimes, it takes time for VT to update their scanners; however, upon testing the file internally, we do detect “Setup_Instagram_Hacker.exe”. I scanned the filed again via VT and the latest findings now reflect the correct detections. Here’s the link:

    I have also update the blog entry :)


Leave a Reply

Subscribe to our YouTube Channel