One of the most popular smartphone apps, the Instagram profile analyser called InstaAgent, was pulled from Apple’s App Store on Tuesday after a German developer discovered that it was harvesting user names and passwords.
The claim came from a Peppersoft developer known by the Twitter handle David L-R, who found that “Who Viewed Your Profile – InstaAgent” was primarily malware aimed at harvesting login credentials, rather than monitoring Instagram profile visits as it claimed.
An examination of the app’s code found that sensitive account information was being sent unencrypted to a remote server with the address instagram.zunamedia.com, with the details in some cases being used to log in and post unauthorised photos to users’ Instagram feeds. David L-R stated that the remote server is not connected to Instagram’s official network in any way.
InstaAgent is no longer available for download, but the iOS App Store still contains many Instagram profile apps that may be doing something similar to InstaAgent, though not necessarily in a nefarious manner. Similar titles include “Who Viewed My Profile” and “Who Viewed My Instagram Profile”. Instagram itself recommends that users do not download third-party apps.
It’s rather worrying that InstaAgent made it through the review process, but even more so that it went almost unscrutinised as one of the top apps for so long.
In terms of iOS App Store malware, Apple last had a high-profile incident in September, when Chinese developers used a hacked version of Xcode (Apple’s development tool) to create and upload apps. Known as XcodeGhost, the program infected legitimate apps in order to collect user data. Apple eventually wiped the store and then hosted official copies of Xcode on Chinese servers to speed up download times, which was the main reason developers in the country had turned to illegitimate versions of the software.
Larry Banks is a keen follower of technology and finance. He has worked for a variety of online publications, writing about a diverse range of topics including mobile networks, patents, and Internet video delivery technologies.