There’s something to be said for a smartphone app that has in less than 4 years managed to acquire more than 200 million users – 40.5 million of which log on at least once a month. They call it Instagram, and its overwhelming popularity proves just how much people like to take pictures with their smartphones and share them with the world.
Google Instagram, and besides the latest tabloids about celebrities using it to post provocative selfies, you’ll find a few more pertinent links that convey a lot of information. The first one will be Instagram.com, and if you go to it from your PC you’ll find a landing page that encourages you to download the Instagram app to your smartphone. Scroll down a bit on your Google Search, and you’ll also find the Instagram Wikipedia page, which in its History section states that in 2012 Facebook bought Instagram for a modest 1 billion American dollars.
So what do we have here?
A lot of users, a lot of money, and a lot of room for malware.
Instagram PUPs Designed for the PC
That over 40 million people log on to Instagram at least once a month makes for quite the mobile malware target. Instagram is itself an app – designed to help its users share their photos with family and friends through both the Instagram network and through an automatic sync to Facebook, Twitter, and Tumblr. Imagine, then, if a malware author decided to create a malicious app designed to pilfer Instagram credentials. In one fell swoop, that author could gain access to every single one of your social media profiles and wreak digital-identity havoc.
Scenarios like these are exactly why we have created Emsisoft Mobile Security.
Such scenarios don’t have much to do with your PC or PUPs, though – and, since both of those terms are contained within the title of this article, the Instagram malware rabbit hole indeed goes deeper.
First a word on PUPs: they are potentially unwanted programs that usually come bundled with other, legitimate software. They are designed primarily for the purpose of advertisement, and in addition to slowing down your computer they can be extremely annoying. PUPs are not legally malware, but they come pretty darn close. (For more on PUPs, see our Security Knowledgebase: What is a PUP? or A Typical Day at Emsisoft’s HQ, which recounts our CEO’s real-life encounter with a PUP Peddler.)
Now: What if someone made a PUP for Instagram?
There’s no doubt that marketers have targeted the hugely popular app as the next ad-mecca, so what’s to stop the makers of PUPs from doing the same? According to a recent insight from one of our rivals, absolutely nothing at all. It’s already happening, and it’s hinging on the fact that Instagram isn’t instantaneously accessible via PC. Established users can log on to Instagram from their PC, but first time users can really only set up an Instagram account by downloading the app to their smartphone. This leaves a window of opportunity for PUP authors to target new Instagram users who want to set up an account through their PC.
For example:
- Say you hear about Instagram (from an article like this one ;) and you Google it while on your computer.
- You visit Instagram.com and find out that it’s an app, meant for your smartphone.
- You don’t like downloading apps or smartphones but you still want to try Instagram, so you go back to Google.
- You search for ways to get “Instagram for PC.”
- You download an Instagram “PC Installer” PUP, the nefarious author of which knew you were going to use the search term listed in #4.
It might sound like a round about way to distribute malicious software, but with over 200 million fish in the barrel it’s a low effort strategy to PUP payoff – particularly as Instagram grows in popularity and continues to attract less tech-savvy users.
Protecting Yourself from Social PUPs
We go through this effort because Instagram PUPs are simply one of too-many potentially unwanted programs circulating the web, essentially parasitizing the success of legitimate websites and applications. In the social media centric world we live in, there are endless opportunities for PUP authors to attach their creations to new trends and cash in with advertisements that slow down your computer.
For this reason, in addition to running a PUP-aware anti-malware, you should always take care to READ BEFORE YOU INSTALL. Most PUPs hide in the fine print – which is an excellent place to remain undetected in a world of character restricted commentary and tweets.
Emsisoft Endpoint Protection: Award-Winning Security Made Simple
Experience effortless next-gen technology. Start Free TrialHave a Great (PUP-Free) Day!