Android/Spy.Inazigram in 13 Google Play Apps Steals Instagram Credentials

Android/Spy.Inazigram in 13 Google Play Apps Steals Instagram Credentials

Instagram users, beware! ESET researchers just disclosed that 13 malicious apps on Google Play are currently trying to harvest user Instagram credentials. The apps in question carry Android/Spy.Inazigram which is phishing for credentials, eventually sending them to a remote server.

The apps appear to have originated from Turkey some of them used English localization to target international users of Instagram, the researchers wrote. “Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps were removed from the store,” ESET explained.

Users were lured by the apps as they were presented to them in the official Google Play store as useful tools to increase Instagram followers, likes and comments. Needless to say, the apps were actually meant for something else – Instagram credentials.

Related: Instagram Prone to Remote Code Execution Exploits

How were Instagram users fooled into installing the malicious apps containing Android/Spy.Inazigram?

Quite easily! The login pages of the apps were designed to look very close to the original Instagram app to lure users into giving away their login details. Once the details were in place, the email addresses and passwords were sent in plain text to the remote server controlled by the attackers. Finally, once that step was complete, users were no longer able to log in. They would instead get an “incorrect password” error screen.

Here is the list of the malicious apps carrying Android/Spy.Inazigram:

Here is the fake login page luring users into giving away their Instagram credentials:

And finally, here is the error page the user would eventually get once he enters his credentials:

What purpose do stolen Instagram credentials serve?

One idea that instantly comes to mind is the distribution of spam and ads that could eventually lead to further complications such as more malware. However, Instagram followers may also be abused, as well as likes and comments, researchers warn.

Fortunately, ESET was able to trace the servers to which the creds were sent off and connected them to websites selling various bundled of Instagram popularity boosters. So the mystery is solved!

Milena Dimitrova

An inspired writer, focused on user privacy and malicious software. Enjoys 'Mr. Robot' and fears '1984'.

More Posts - Website

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Please wait...

Subscribe to our newsletter

Want to be notified when our article is published? Enter your email address and name below to be the first to know.