13 Malicious Apps in Google Play Store Steal Instagram Credentials

Cyber criminals are again targeting Instagram users who wish to improve their profiles fast and at no cost. Researchers from security company ESET have discovered 13 malicious applications on the official Google Play which promise to raise the number of followers, comments, and likes of an Instagram profile, but instead, steal the user's credentials and send them to the hackers' Command and Control servers. According to ESET's report, the apps carry a malicious file named "Android/Spy.Inazigram".

Researchers found out that the tools carrying the infected originate from Turkey, however, some of them used English localization to extend the reach and target users more broadly. The malicious apps have been downloaded over 1.5 million times before they were discovered and reported to Google Security Team, so experts suggest the hackers have already managed to collect a good set of Instagram credentials that they can use for their own profit.

The infected applications promise to grow your follower base, as well as to boost the number of comment and likes of your Instagram post, yet in fact, they can only harm you. The malware works in a relatively simple way. The malicious apps display a login page that looks very similar to the actual Instagram login page. The user is this way tricked into putting in their username and password, and as soon as they do this, the typed data is sent as a plain text to the hacker's server. After that, any subsequent login attempt of the victim fails as a message of "incorrect password" appears on the screen. At about the same time, users will receive an e-mail from Instagram informing them of an unauthorized attempt to access their account.

With these tactics, the attackers are obviously trying to get the user's trust and make them keep using the malicious application. Then, the malware tells the users to visit the official Instagram page in order to confirm that they attempted the unauthorized login. If at this point the user actually trusts the app, visits the official Instagram page and verifies the login, the hackers get access to the victim's Instagram account.

There are many ways for hackers to profit from stolen account credentials. In this particular case, they can use the compromised Instagram accounts to post comments and to "like" posts of other users who have downloaded the tools for boosting follower’s numbers. Also, the stolen accounts can be used for spreading spam and ads. For users, the best way to protect their data is to stay away from suspicious applications like these. Otherwise, for people who have already installed such a tool, experts advise to remove it immediately and to run an anti-virus scan in order to check if the device is infected. Also, it is advisable to change your Instagram password, as well as your login details on any other websites for which you have used the same combination of email and password.