A group of malicious apps that steal credentials have been detected on Google Play, according to a post on ESET's We Live Security site.
The 13 apps – with a detection name of Android/Spy.Inazigram – appear to be tools to manage or grow Instagram users' followers, but actually are phishing for credentials and relaying them to a remote server. In total, the apps were installed 1.5 million times. However, once ESET alerted Google, all the apps were deleted from Google Play.
The ESET researchers believe these apps originated in Turkey, although some of them use English to connect with a global audience.
All of them use the same strategy to harvest user data: Users are duped with the promise the app will quickly boost their number of Instagram followers and ratchet up "likes" on their accounts. But, once downloaded and the victim logs in via a lookalike Instagram screen, the tool instead siphons out their user credentials and sends them in plain text to a remote server. Meanwhile, the user will be unable to connect, instead receiving an "incorrect password" error notice.
The researchers explain that the stolen credentials could be used for spreading spam and ads.
Victims are advised to uninstall the apps found in their application manager or "use a reliable mobile security solution to remove the threats for you." ESET is also advising buyers of any of the apps to change their actual Instagram password, as well as that of any account using the same password.
To prevent social media accounts being compromised, ESET advises that when downloading third-party apps from Google Play: