Late last year, an app called InstaAgent fooled thousands of iOS and Android users into giving out their Instagram credentials in order for them to see who’s viewing their profiles. Instead, what the app really did was send these login credentials to an unknown server, besides hijacking user accounts to post images without permission. InstaAgent was so well-engineered (in the social engineering sense) that it reached nearly half a million downloads on the Apple App Store alone before being taken down.
Now it appears that its developer is going for a second try, with all the same elements, but under a different app name: InstaCare. This app does the exact same thing InstaAgent does—it steals user info and hijacks accounts—and again, it’s garnered the same amount of success. InstaCare reportedly even reached top spots in the Apple App Store download rankings in some countries. The app seems to have been taken down as of this writing, but considering the number of users that it was exposed to during the period that it was available, it did the job.
InstaAgent, InstaCare, and similar scam apps prove that social media in itself continues to be an effective social engineering lure. While it’s not completely the fault of users who want to see who viewed their profiles and content, enter similar search terms on the Apple App Store and Google Play and a veritable cornucopia of other apps advertising the same functions appears. It should be reiterated that, to date, there remains no legitimate, secure app that allows social media users to see who viewed their social media accounts. Save for LinkedIn’s “profile view” reports, popular social media sites and applications neither provide nor support this kind of service.
Trend Micro detects the malicious mobile app as IOS_INSTASTEALER.A and ANDROIDOS_INSTASTEALER.A for iOS and Android devices, respectively. Installing mobile security applications like Trend Micro Mobile Security can help users protect themselves against these kinds of threats. Those who have downloaded the app should delete it and are advised to change their account passwords. It bears repeating that users should always be careful of what apps they download. InstaCare’s resurrection is a reminder that despite efforts by app stores to ensure the quality and security of the apps they offer, a couple of bad apples slip through.
Inspect the apps carefully before installing them. What do the reviews say? Is there an inordinate number of 5-star and 1-star ratings? Last of all, check the permissions the app asks for in case you decide to take the plunge—is it asking for more than it should? If in doubt, just skip it.