Date:14/03/17
Security researchers have discovered 13 new Instagram credential-stealing apps on Google Play.
The malicious apps, which pose as tools for either managing or boosting Instagram follower numbers, are actually designed to phish for Instagram credentials. The stolen credentials allow hackers to abuse compromised accounts in order to distribute spam and ads, enriching crooks in the process.
Altogether the malicious apps have been installed by up to 1.5 million users, software security firm ESET reports.
Upon ESET's notification, all 13 apps were removed from the store.
The dodgy apps typically trick marks into installing them by promising to increase the number of followers, likes and comments tied to an Instagram account.
Victims were induced to hand over their credentials via an Instagram lookalike screen, which was then sent to the attackers' server in plain text.
While the apps appear to have originated in Turkey, some used English localisation to target Instagram users worldwide.
ESET has added detection for the nasties, which it collectively identifies as Android/Spy.Inazigram. More details of the threat can be found in a blog post by ESET here.
Although phishing and malware threats targeting either Facebook or Twitter users are more common, Instagram fans are by no means strangers to threats. For example, crooks have put together a smut-themed scam campaign targeting Instagram users last August. The ruse was designed to pull in traffic to X-rated and adult hookup sites.
Instagram phishing apps pulled from Google Play
Security researchers have discovered 13 new Instagram credential-stealing apps on Google Play.The malicious apps, which pose as tools for either managing or boosting Instagram follower numbers, are actually designed to phish for Instagram credentials. The stolen credentials allow hackers to abuse compromised accounts in order to distribute spam and ads, enriching crooks in the process.
Altogether the malicious apps have been installed by up to 1.5 million users, software security firm ESET reports.
Upon ESET's notification, all 13 apps were removed from the store.
The dodgy apps typically trick marks into installing them by promising to increase the number of followers, likes and comments tied to an Instagram account.
Victims were induced to hand over their credentials via an Instagram lookalike screen, which was then sent to the attackers' server in plain text.
While the apps appear to have originated in Turkey, some used English localisation to target Instagram users worldwide.
ESET has added detection for the nasties, which it collectively identifies as Android/Spy.Inazigram. More details of the threat can be found in a blog post by ESET here.
Although phishing and malware threats targeting either Facebook or Twitter users are more common, Instagram fans are by no means strangers to threats. For example, crooks have put together a smut-themed scam campaign targeting Instagram users last August. The ruse was designed to pull in traffic to X-rated and adult hookup sites.
Views: 365
©ictnews.az. All rights reserved.
Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World
