Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Threat Management, Threat Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

Three apps claiming to improve Instagram exposed as an insta-scam

A trio of Android applications that supposedly helped Instagram account owners increase likes and followers, boost security and improve the overall user experience were actually stealing their usernames and passwords, Malwarebytes has reported.

The apps, which were designed to target users based in Iran, had been available for download via the Google Play store as recently as April 12, but have seen been removed by Google, according to Malwarebytes Senior Malware Intelligence Analyst Nathan Collier, who penned a company blog post detailing the scam.

Collectively, Malwarebytes identifies the malicious apps as Android/Trojan/Spy.FakeInsta. The first of the three, Followkade, had over 50,000 installations prior to removal. According to the blog post, the Followkade app opens to a splash page following installation, and then to another page requesting the user's credentials. Entering such information immediately results in it being sent to a known malicious website.

The other two apps are roughly translated as Like Begir Insta and Aseman Security Instagram. The former promises to generate likes, assist in the purchase of cheap coins, and provide daily gifts. The latter claims it can improve Instagram page security.

"There are many apps that pose as so-called helpers piggybacking off the social media craze. Some of them are legitimate apps that might be able to help users boost likes and followers as advertised. However, malware authors can too easily mimic the above-board apps, and they bank on users’ desire to find fast validation through social media acceptance," writes Collier, who recommends that Instagram users avoid shortcuts and build their popularity the traditional way by developing quality content, while improving security through longer passwords.

Bradley Barth

As director of community content at CyberRisk Alliance, Bradley Barth develops content for SC Media online conferences and events, as well as video/multimedia projects. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.