Instagram companion app compromises 100k accounts

An iOS and Android application that claims to provide free 'likes' and followers to users of Instagram is actually a clever scam.

Satnam Narang, a researcher with Symantec Security Response, said on Wednesday that he believes approximately 100,000 people have downloaded the InstLike application so far. InstLike is no longer available on Apple's App Store and the Google Play Store, but Narang said the app is still available elsewhere on the internet.

“As a result of signing up for the InstLike service, users actually opt in to having their Instagram account externally controlled for the purpose of auto-liking and auto-following others,” Narang said. “When we tested the application, right away our Instagram account began liking pictures without any consent or interaction from us.”

Those who read the shoddy English-language instructions – which ask for Instagram credentials – should have been suspicious upon first launching the app. “We don't steal your account. Instargam [sic] don't allow using API for auto promotion, so our Auto Liker uses your login and password direct,” it reads.

InstLike is a crafty scam. Instead of just obtaining sensitive credentials, the app features a real-world money paradigm for getting likes and followers, and even offers a premium service, which allows for more flexibility with some of its functions.

Narang advises those who have installed and registered with InstLike to delete the app and change their Instagram password – or run the risk of continued auto-liking and auto-following from their Instagram account.
