Instagram users have been the target of several new credential stealers, appearing on Google Play as tools for either managing or boosting the number of Instagram followers.
Under the detection name Android/Spy.Inazigram, 13 malicious applications were discovered in the official Google Play store. The apps were phishing for Instagram credentials and sending them to a remote server. Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps were removed from the store.
All the malicious app seem to be using the same technique in their operation. They operate by harvesting Instagram credentials and sending them to a remote server. Ironically instead of their own boosting, these users accounts end up being used to increase followers for other people.
The question is what happens to stolen credentials? Apart from an opportunity to use compromised accounts for spreading spam and ads, there are also various “business models” in which the most valuable assets are followers, likes and comments.
In our research, we’ve traced the servers to which the credentials are sent off and connected these to websites selling various bundles of Instagram popularity boosters.
The scheme below explains how it works:
There are several measures you need to put in place to ensure that you are protected.
- If you’ve downloaded one of these apps, you will find one of its icons under your installed applications. to clean your device, uninstall the above mentioned apps found in your Application manager or use a reliable mobile security solution to remove the threats for you.
- Change your Instagram password immediately you notice from Instagram about someone attempting to log into your account to secure your account. In case you use the same password across multiple platforms, change these as well as malware authors are known to access other web services using the stolen credentials, you are advised to use a different password on each of your accounts.
- Also avoid putting sensitive information to these third party apps.
- Have an up to date antivirus to protect and control the download of third party apps for example ESET that has help in blocking of these malicious apps.