Malicious App 'InstaAgent' Sends Instagram Passwords to Unknown Server, Posts Spam in Users' Feeds

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Nov 10, 2015.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    InstaAgent, an app that connects to Instagram and promises to track the people that have visited a user's Instagram account, appears to be storing the usernames and passwords of Instagram users, sending them to a suspicious remote server.

    An app developer from Peppersoft downloaded InstaAgent -- full name "Who Viewed Your Profile - InstaAgent" -- and discovered it's reading Instagram account usernames and passwords, sending them via clear text to a remote server - instagram.zunamedia.com.

    [​IMG]

    InstaAgent is also using the credentials to log into accounts and post unauthorized images. Instagram does not permit third-party apps to upload photos to user accounts.

    [​IMG]

    While InstaAgent isn't particularly popular in the United States, it is currently the number one free app in both the United Kingdom and Canada, with thousands of downloads that puts a huge number of Instagram users at risk of having their information stolen. In the Google Play store, the app had between 100k and 500k users, and the install numbers could be similar for iOS.

    [​IMG]

    Google has removed the InstaAgent Android app from the Google Play store, but InstaAgent is still available in the iOS App Store for the time being. Anyone who has downloaded InstaAgent should delete the app immediately and change their Instagram password.

    Passwords for other sites and accounts that were the same as the Instagram password should also be changed as a precaution. We also highly recommend a password management app like 1Password, which can generate unique complex passwords for each and every site or service. Instagram also advises against installing third-party apps that don't follow its Community Guidelines.

    There are dozens if not hundreds of third-party apps that promise to provide Instagram users with followers and other perks, and these kind of apps should be avoided. According to Instagram, these apps are "likely an attempt to use your account in an inappropriate way" as InstaAgent does.

    Update 3:20 p.m. Pacific Time: InstaAgent has now been removed from the iOS App Store.

    Article Link: Malicious App 'InstaAgent' Sends Instagram Passwords to Unknown Server, Posts Spam in Users' Feeds
     
  2. Goldfrapp macrumors 68040

    Goldfrapp

    Joined:
    Jul 31, 2005
  3. BigHam, Nov 10, 2015
    Last edited: Nov 10, 2015

    BigHam macrumors member

    Joined:
    Mar 23, 2013
    Location:
    Australia
    #3
    After they remove this crap, they should remove instagram while they're at it.
     
  4. gpsouza macrumors 6502

    gpsouza

    Joined:
    Jan 1, 2012
    Location:
    Lisbon
    #4
    We are getting lots of fake apps into the AppStore while lots of good apps are rejected because some silly thing that no one cares.
     
  5. pgiguere1 macrumors 68020

    pgiguere1

    Joined:
    May 28, 2009
    Location:
    Montreal, Canada
    #5
    Not only that, but they're selling a bunch of IAPs to people claiming it will allow them to see who looked at their Instagram profile the most.

    So they have two shady income sources: misleading IAPs + account spamming.
     
  6. Getafe macrumors member

    Getafe

    Joined:
    Feb 17, 2011
    Location:
    Lynchburg, VA
    #6
    I don't touch those kinda apps. It just looks so suspicious. Obviously it doesn't do what it says it done. Avoid all this kind of apps at all costs people. They will cause more problems than they resolve.
     
  7. Caseynd macrumors regular

    Caseynd

    Joined:
    Jun 17, 2008
    Location:
    ND, USA
    #7
    slipped it past the monitors eh? sounds like they need some better app approvers
     
  8. TMRJIJ macrumors 68020

    TMRJIJ

    Joined:
    Dec 12, 2011
    Location:
    South Carolina, United States
    #8
    Why? What's wrong with Instagram? They should remove SnapChat and Yik Yak.
     
  9. joueboy macrumors 6502a

    Joined:
    Jul 3, 2008
    #9
    With the developers account personal information. Apple and Google should team-up to sue the people behind this. It's the only way to discourage people submitting malicious apps.
     
  10. applerocks macrumors regular

    Joined:
    Jun 7, 2005
    #10
    How on earth did Apple approve this? Goodness. Wonder if they also posted the Facebook privacy message on their news feed, and sent money to recover their long-lost uncle in Africa.

    Seems like the appropriate time for Apple to use the "kill switch" on iOS Apps and shut this thing down.
     
  11. Porco macrumors 68020

    Porco

    Joined:
    Mar 28, 2005
    #11
    This is bad, obviously, but I feel like there is a fine line between social networks and malware at the best of times...
     
  12. Jeremy1026 macrumors 68020

    Jeremy1026

    Joined:
    Nov 3, 2007
    #12
    Apps are reviewed for all of about 5 minutes. There is so much stuff that will never be tested in a typical app review.
     
  13. Goldfrapp macrumors 68040

    Goldfrapp

    Joined:
    Jul 31, 2005
    #13
    Why? What's wrong with Snapchat and Yik Yak? They should remove Grindr and Facebook.
     
  14. mejsric macrumors 6502a

    mejsric

    Joined:
    Mar 28, 2013
  15. Phil A. Moderator

    Phil A.

    Staff Member

    Joined:
    Apr 2, 2006
    Location:
    Shropshire, UK
    #15
    While it's easy to victim blame people who have been caught out by this, it highlights a big issue with the curated App Store model: many people implicitly trust that any app that Apple has allowed onto the store will not be malicious and they will therefore do stupid things (such as providing their login details)

    This is a massive breach of trust by Apple and they need to take the review process a hell of a lot more seriously than they appear to be doing

    It's also ironic that Google have already killed this on their store, but it's still there on the iOS store!
     
  16. rockinrony macrumors member

    rockinrony

    Joined:
    Sep 17, 2015
    #16
    Thats what Apple's new strategy under new team.....go in big quantity, chuck quality
     
  17. BigHam macrumors member

    Joined:
    Mar 23, 2013
    Location:
    Australia
    #17
    Don't get me wrong. I love instagram... But it's changed from a photo sharing platform to a perfect life presentation platform.
     
  18. writingdevil macrumors 6502

    Joined:
    Feb 11, 2010
    #18
    Maybe you're spending too much time following wrong accounts or browsing way too much. Also can be age related from older people I know.
     
  19. TheHateMachine macrumors 6502a

    TheHateMachine

    Joined:
    Sep 18, 2012
    Location:
    Houston, TX
    #19
    Why? What's wrong with Grindr and Facebook? They should remove Kik and Tapatalk.
     
  20. thegarden macrumors newbie

    Joined:
    May 9, 2014
    #20
    Why? What's wrong with Grindr and Facebook? They should remove Twitter and Pinterest.
     
  21. Rafagon macrumors regular

    Rafagon

    Joined:
    Jun 19, 2011
    Location:
    Miami, FL
    #21
    Apple should fire some of its California retail employees who were participating in that lawsuit against it, and hire more people for the App Review department instead.
     
  22. Rafagon macrumors regular

    Rafagon

    Joined:
    Jun 19, 2011
    Location:
    Miami, FL
    #22
    Why? What's wrong with Kik and Tapatalk? They should remove Path and Pinterest.
     
  23. writingdevil macrumors 6502

    Joined:
    Feb 11, 2010
    #23
    my uncle agrees with you. he never uses snapchat, but loves to harp about what the kids are doing wrong hese days.
     
  24. OldSchoolMacGuy macrumors 68020

    OldSchoolMacGuy

    Joined:
    Jul 10, 2008
    #24
    Idiot tax for those stupid enough to download such a questionable app and give it their password.
     
  25. jpgr15 macrumors 6502a

    Joined:
    Apr 28, 2015
    #25
    I agree. I'm not a developer but just an average user with some common sense. While I wouldn't download an app like this, I think most trust that if it's on the app store, it at least won't steal your personal information. I mean, even Apple says not to download anything outside of the app store. That almost implies if it is in the app store, it should be trusted.
     

Share This Page