Security researchers from cybersecurity firm ESET discovered at least 13 new Instagram credential-stealing apps on Google Play which have been installed by up to 1.5 million users.
A number of malicious applications purporting as tools to either manage or boost the number of Instagram followers have targeted users on the Android platform. These apps appear to have originated in Turkey and used sparse localization in English to target users around the world.
These 13 applications were phishing for Instagram credentials before sending them to a remote server.
As it transpired, the applications used similar harvesting techniques to comb for Instagram credentials before sending them to a remote server. The apps baited victims by promising rapid increases in the number of followers and likes on one’s Instagram account. In a twist of irony, compromised accounts were used to increase the follower counts of other users in a self-perpetuating manner.
When victims fall into the phishing trap of providing user credentials on a faux Instagram login screen, the username and password is sent to the attacker’s server in plain text. These compromised accounts are then used by the attackers who sell various ‘bundles’ of Instagram popularity boosters, as explained by ESET here.
Altogether, these malicious apps have collectively seen a staggering 1.5 million installs from users around the world, underlining the significance of the malicious phishing scam. ESET has since informed Google of these applications and all 13 apps have been removed from the store.
LIFARS recommends users to not reveal their credentials into the login forms of unofficial applications or third-party apps. A trusted application will have a number of installs, ratings and, more pertinently, user reviews, that will shed further light into the authenticity of an application.
ESET has labelled the rogue phishing scam under Android/Spy.Inazigram, the strain used commonly by the 13 discovered applications on the official Google Play store.
Image credit: Pexels.