Connect with us

Hi, what are you looking for?

Tech & Science

Apple and Google remove Instagram app that stole user details

The app’s malicious intentions were discovered by iOS developer David L-R. After downloading InstaAgent and examining the source, he found the app sends its users’ data to a server at ‘instagram.zunamedia.com.’ It is unclear what happens to the usernames and passwords when they arrive at the server or what the intentions of the app developer are.

InstaAgent  an Instagram client that stole the passwords of hundreds of thousands of users

InstaAgent, an Instagram client that stole the passwords of hundreds of thousands of users
David-LR (@PeppersoftDev)

This collected information could be used to hack accounts, post photos without the users’ knowledge or obtain other profile details. Those who have downloaded InstaAgent should remove the app and change their Instagram password as soon as possible.
Hundreds of thousands of people are believed to be affected. The app had reached the top of the free iOS apps chart before Apple removed it today. Google responded before Apple, pulling the app from the Play Store within hours of David L-R’s first tweets. On Android, InstaAgent may have been downloaded as many as 500,000 times.

InstaAgent  an Instagram client that stole the passwords of hundreds of thousands of users

InstaAgent, an Instagram client that stole the passwords of hundreds of thousands of users
David-LR (@PeppersoftDev)


The app allowed users to view more information about their Instagram presence than the company itself usually provides. One of InstaAgent’s most advertised features let users see a list of people who have looked at their profile.
InstaAgent’s developer also broke Instagram’s terms and conditions. It was capable of posting unauthorised photos, including an image of text saying “Do you want to see people who viewed your Instagram profile?” Instagram’s API specifically says third-party photo uploads are not supported.
The incident has led to more scrutiny of the regulation procedures used by Apple and Google to verify whether an app should be made available in their store. Instagram warns against using third-party apps unless they have a history of being supportive of its platform. The company says it will be sending emails to InstaAgent users and told the BBC: “These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user’s accounts in an inappropriate way. We advise against installing third-party apps like these. Anyone who has downloaded this app should delete it and change their password.”
The issues with InstaAgent have affected another iOS developer. Craig Pearlman has his own app called ‘InstaAgent’ which remains available for download and has no malicious intentions. He told the BBC that users are already confusing the two, saying the malicious app’s behaviour would be “impossible to produce” in his.
Instagram users are advised against using a third-party app that claims to offer dubious features not supported by the company itself. InstaAgent constitutes a violation of Instagram’s own terms and conditions and the identity and purpose of the server it is sending details to remains unknown. David L-R notes it may be the first malware to be downloaded over 500,000 times on iOS.

Written By

You may also like:

Business

United Airlines reported higher quarterly profits Wednesday but announced it would trim US capacity later this year.

Sports

Wearing goggles and a wet suit, the 65-year-old city leader swam breaststroke before immersing her face and beginning a front crawl.

Business

A landmark European Union law known as the Digital Markets Act (DMA) entered into force in March.

Business

Scientists are remaking the things people want and need using net zero technologies.