Tempted to try out the much talked about Instagram app? Well, be careful where you get it from – as malware authors are distributing malware disguised as the popular app.

A day after the acquisition announcement, Instagram became the top free iPhone app on Apple’s App Store, and Android downloads have been off the charts (way over 5 million in less than a week, though Instagram has yet to share official numbers). The Instagram hype is higher than ever, and malware writers are of course looking to cash in.

They have set up fake websites advertising fake Instagram apps, which by the way don’t really do a good job of looking like the real one. Sophos Security has found a malicious program, identified as Andr/Boxer-F, a trojan designed to swipe data from your device. In the background, the malicious app sends expensive international text messages to earn its creators revenue.

Android lets you download and install apps from anywhere. If you want the official version of an app, however, get it from the official Google Play store. Here is the official Instagram link: play.google.com/store/apps/details?id=com.instagram.android.