ESET researchers have discovered 13 new Instagram credential stealing apps on Google play and looked into the motivations behind the fraudulent schemes in a new blog post.
Under the detection name Android/Spy.Inazigram, the malicious apps were phishing for Instagram credentials and sending them to a remote server. While they appear to have originated in Turkey, some used English localization to target Instagram users worldwide.
Altogether, the malicious apps have been installed by up to 1.5 million users.
Key features of the apps:
- To lure users into downloading, the apps promised to rapidly increase the number of followers, likes and comments on one’s Instagram account. Ironically, the compromised accounts were used to raise follower counts of other users
- The apps require the user to log in via an Instagram lookalike screen. The credentials entered into the form are then sent to the attackers’ server in plain text.
- The stolen credentials can be used to compromise accounts and spread spam and ads, as well as various other “business models” in which the most valuable assets are followers, likes and comments.
The full blog post explains this in detail and provides advice on how users can protect themselves: http://www.welivesecurity.com/2017/03/09/new-instagram-credentials-stealers-discovered-google-play/