There seems to be a serious security concern for users on Instagram as reports indicate that numerous apps on the Google Play Store, which promised to boost the number of likes and followers in Instagram were actually scam applications that harvested the users account information.
A total of 13 apps were detected in the Google Play Store under the name Android/Spy.Inazigram, which was found to be malicious. These apps would steal the Instagram credentials of all who chose to use them and then store these data in a remote server.
These security loopholes were found and reported by ESET. After the allegations came to light, the malicious apps concerned were removed from the Google Play Store.
How These Apps Steals Your Data
These applications enticed users with promises of radically improving their follower count on Instagram. All those who fell for the ploy would then go on to install the app and try to log in to their account in Instagram from within the app.
Users would be greeted with a log-in page which was identical to the Instagram log-in page. However, once someone entered their username and password, the page would show an error message regarding incorrect password even when the correct password was keyed in.
“The credentials entered into the form are then sent to the attackers’ server in plain text,” sitesESET, revealing how the phishing scam was carried out.
After a couple of tries to log in, the user would then be shown a message which would ask them to log in to their account using Instagram’s own web page and to also verify the account.
“As the victims are notified about unauthorized attempt to log in on their behalf and prompted to verify their account as soon as they open Instagram, the note aims to lower their suspicion in advance,” per the report.
It is evident that the culprits behind such malicious software use a lot of planning and devise new ways of scamming innocent people. Once the user verifies the attempt to log in, the hackers get free reign to use that account.
Utilization Of The Stolen Data
While phishing Instagram credentials may sound like a non-profitable activity, the fact of the matter is quite contrary.
In sites like Instagram, followers, likes and comments are highly sought after assets. After stealing the account details, these scammers then sell these assets on a daily or monthly basis. ESET seems to have tracked the scammers’ activity from the point of stealing the data, all the way to the point when these likes and followers are sold off to any who wants to buy them.
How To Safeguard Yourself
If you have one of the malicious apps installed (shown in the image), then uninstall the app as soon as possible and also ensure to change the Instagram password.
If you use the same password for other sites as well, then it is advisable to change those passwords as well. For the most part, it is suggested that you do not enter your login and password details into any distrusted app, which you may have installed.
© 2017 Tech Times, All rights reserved. Do not reproduce without permission.