Popular Instagram app InstaAgent pulled from app stores due to malware discovery

By Larry Banks

One of the most popular smartphone apps, the Instagram profile analyser InstaAgent, was pulled from Apple’s App Store on Tuesday after a German developer discovered that it was harvesting user names and passwords.

The claim came from a Peppersoft developer known by the Twitter handle David L-R, who found that “Who Viewed Your Profile – InstaAgent” was primarily malware built to harvest login credentials, rather than an app that monitored Instagram profile visits as it claimed.

An examination of the app’s code showed that sensitive account information was being sent unencrypted to a remote server at the address instagram.zunamedia.com, and that in some cases the details were used to log in and post unauthorised photos to users’ Instagram feeds. David L-R stated that the remote server is not connected to Instagram’s official network in any way.

Before InstaAgent was pulled from the App Store, it was topping the free charts in many countries, including the UK and Canada, with thousands of users unwittingly handing over their Instagram account details. There are few hard numbers yet on how many people used the app, but the developer estimates that as many as 500,000 users downloaded it. That matches up with InstaAgent’s performance on Google Play, which also removed the app this week.

InstaAgent is no longer available for download, but the iOS App Store still contains many Instagram profile apps that may be doing something similar to InstaAgent, though not necessarily in a nefarious manner. Similar titles include “Who Viewed My Profile” and “Who Viewed My Instagram Profile”. Instagram itself recommends that users do not download third-party apps.

It’s rather worrying that InstaAgent made it through the review process, but even more so that InstaAgent was almost unscrutinised as one of the top apps for so long.

In terms of iOS App Store malware, Apple last had a high-profile incident in September, when Chinese developers used a hacked version of Xcode (Apple’s development tool) to create and upload apps. Known as XcodeGhost, the program infected legitimate apps in order to collect user data. Apple eventually wiped the store and then hosted official copies of Xcode on Chinese servers to speed up downloads; slow download times were the main reason developers in the country had turned to illegitimate versions of the software.

SOURCE: AppleInsider.