Instagram users have been the target of several new credential stealers, appearing on Google Play as tools for either managing or boosting the number of Instagram followers.
Under the detection name Android/Spy.Inazigram, 13 malicious applications were discovered in the official Google Play store. The apps were phishing for Instagram credentials and sending them to a remote server. Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps were removed from the store.
All the malicious app seem to be using the same technique in their operation. They operate by harvesting Instagram credentials and sending them to a remote server. Ironically instead of their own boosting, these users accounts end up being used to increase followers for other people.
The question is what happens to stolen credentials? Apart from an opportunity to use compromised accounts for spreading spam and ads, there are also various “business models” in which the most valuable assets are followers, likes and comments.
In our research, we’ve traced the servers to which the credentials are sent off and connected these to websites selling various bundles of Instagram popularity boosters.
The scheme below explains how it works:
There are several measures you need to put in place to ensure that you are protected.
If you’ve downloaded one of these apps, you will find one of its icons under your installed applications. to clean your device, uninstall the above mentioned apps found in your Application manager or use a reliable mobile security solution to remove the threats for you.
Change your Instagram password immediately you notice from Instagram about someone attempting to log into your account to secure your account. In case you use the same password across multiple platforms, change these as well as malware authors are known to access other web services using the stolen credentials, you are advised to use a different password on each of your accounts.
Also avoid putting sensitive information to these third party apps.
Have an up to date antivirus to protect and control the download of third party apps for example ESET that has help in blocking of these malicious apps.
60% of all Kenyan adults possess a smartphone today. We need these gadgets with us all the time since they help us navigate in today’s digitized society. They take high-quality pictures, it’s a quick access to latest news and entertainment. They connect us to people through social media and interaction is easy without the need of postal services. These gadgets make us feel connected to the world.
However, smartphones contain almost 80% of our personal data and to some 100% of their lives are contained in these gadgets. Personal data include bank PINs, passwords, credit card numbers, very personal messages and emails you name it. Even though these gadgets make navigation through life easier, it increases the risk of being hacked and personal data stolen or exposed.
Viruses are designed to steal information and sometimes it is very hard to know if you are hacked or if it is just the phone that has issues. This is because, most viruses hide in the “background” and are harder to detect. The main question here is how can you know if you are hacked? If your phone has been infected, it may show sudden erratic behaviors that affect the connectivity and usability of your phone. Other signs may include, unauthorized charges and transactions to your credit card or bank or the phone seem unresponsive, text messages and calls that you did not make etc.
Do not download data from unknown sources and take time to research and read reviews before downloading anything to find out if it is legit or not.
The best way to keep your phone safe is to purchase an appropriate antivirus and always keep it up to date. ESET Mobile security for example has features that secures every inch of your phone starting from anti-phishing to SMS.
ESET mobile security has anti-theft features that locks your smartphone in case your phone gets stolen and therefore protects your personal information. Other than that, it facilitates tracking of your gadget whenever it is stolen and many more.
Stay protected and enjoy safer technology with ESET.
In the past years, hacking and phishing has evolved to a whole new level. This leaves us wondering will you know you are being hacked or even if it’s just a scam that can cost you loads? Today if you were to receive a scam email, how confident are you that you would not open or download any attachments?
According to previous reports, 40% of fraudulent e-mails are opened and attachments downloaded. The numbers may seem small and harmless but in the world of e-mail open rates, that is poisonous. On this note, it is scary that Gmail phishing is on the rise since it is going beyond bounds to effectively trick users.
How it works
The new tactics are so good that the e-mail will not fall under the scam folder. This is why Gmail scams are affecting many victims. First and foremost, it all begins by receiving an e-mail from someone you know and maybe trust. Someone that may have been hacked and account stolen. The email contains information that looks familiar.
This familiarity of the details makes you open the email and even download the attachments. At one look everything looks legitimate to you. When downloading or previewing the attachments, it will take you to a Gmail login page that looks so real with no grammatical errors or even unrelated images and the graphics are perfect. The only error would be in the URL but who checks when the rest is fine? At the start of the URL, you’ll see “data:text/” and yet it should not exist. You may also see a green lock symbol at the start of the URL if you are using Chrome.
For the many who do not take note of the above, just quickly sign in and once the submission of your credentials is successful, everything is over and you know become the victim with your email being used to scam others. With your account in the hand of the hacker, they are now poisoned to compromise your personal and professional life and that may just be the beginning.
This does not happen only to Gmail users. Everyone is in danger. It only takes one to be naïve and lack legitimate and proper antivirus software that would have noted the phishing emails and the fake redirected cite. ESET products have the sole purpose of protecting you against this situations, whether on your mobile phone or tablet or computer. Enjoy safer technology today with ESET.