Researchers Expose Fake Android Apps Stealing Instagram Passwords

Instagram undoubtedly is a very popular social networking platform, which is the main reason why it attracts the attention of cyber-criminals, hackers and scammers so frequently. According to latest findings from the mobile malware research team at Intel Security, Google Play store has become a haven for Instagram password stealers. These malicious cybercriminals are distributing the malware as utilities and tools to not just access but also automate these Instagram accounts:

Screenshot of Instagram password stealer apps

Instagram users in Turkey are the prime targets of this latest malware campaign. The malware redirects the victims to a phishing website that easily hijack their Instagram account by stealing username/password through the WebView component. The login page has been designed just like the original Instagram login page. Therefore, it becomes difficult for innocent, unsuspecting users to identify any foul play and they give out their passwords.

More: Instagram Hacked: Security Researcher Gets Admin Panel Access

The credentials are then passed on to the scammer or the malware developer in plain text format. Any unauthorized person can easily obtain the account name and password by monitoring the network connection especially if it is a free Wi-Fi network.

This screenshot shows that the login page is identical to the legitimate login page of Instagram:

Screenshot of fake login page

If the same passwords are being used to access other websites or social media accounts by the victims, it is quite likely that personal information might get leaked from there as well.

This threat has been dubbed as the Android/InstaZuna threat by McAfee Mobile Security and the company’s research team alerts mobile users to its presence and warns them to be cautious so that they do not face any unexpected and unfortunate data loss.

More: SpyNote Trojan (RAT); Yet Another Bad News for Android Users

Intel Security researchers recommend that users must install mobile security and password management software. It is advised that they shouldn’t trust unofficial sources for downloading applications no matter how tempting this act may appear to them. For more technical details visit Intel-McAfee blog post and thanks to Mr. Ben of 31337it Solutions for letting us know about this research.

Related Posts