It seems that Instagram users are again the target of malicious content found on the Play Store. From what we know so far, certain apps there steal people’s credentials under the pretext of boosting the number of followers on their account.
Who discovered it?
Lukas Stefanko, who works as a security researcher at ESET, uncovered 13 apps that seem to have been written recently by a Turkish developer. Of these, seven targeted Turkish-speaking users, while the rest aimed at users all around the world. Stefanko reported the 13 apps to the security team at Google, and last week they removed them from the Store.
How do they work?
All 13 apps worked in much the same way. They were advertised as tools to help you boost your number of Instagram followers, which convinced people. After a user installed one of the apps, a screen asked him or her to enter the credentials for the Instagram account in order to log in.
The app then gathered the login details and sent them to a remote server. A login error would then appear. After several login errors, the screen would ask the user to go to the official Instagram site and log in there.
What are the consequences?
If you don’t change your password after entering your credentials in one of these apps, the people behind it could use your account to like images and even to follow other accounts. There are even some online services that sell likes and followers on the popular social platforms, and the accounts hacked in this way could help them make more money. All in all, be suspicious of anything that asks you to log in, and do so only from the official app.