Malicious Password-Stealing Instagram App Is Back in the App Store

In November of 2015 a new kind of internet threat emerged, this one from within Apple’s “walled garden” of the App Store. InstaAgent rose to popularity that month on the promise of letting Instagram users easily see the top users and commenters on their profile. Peppersoft developer David L-R discovered that InstaAgent was sending each user’s Instagram account information and password back to a server owned by the app developer.

The malicious app posts images under a user's name


Apple removed the offending app, but its developer, Turker Bayram, has a new app that seems to be the old app with a new name. “Who Cares With Me – InstaDetector” is the new app, and it is sending users’ account information back to the developer’s own server. In its excellent writeup of the issue, MacRumors says, “David L-R investigated Bayram’s new apps and discovered a suspicious HTTPS packet, leading him to uncover a complex encryption process used to covertly send usernames and passwords to a third-party server and hide the evidence. He found both the Android and iOS versions of the app send Instagram account information to unknown servers.”

Apple removed this same developer’s app in November, yet not even six months later it allowed a new app with similar functionality, one that turns out to run very similar malicious code to steal usernames and passwords, back into the App Store. C’mon, Apple!
