If you have an Android device and also use the social media website Instagram, be aware of the fake apps showing up on Google Play Store. Just this past week, there were 13 malicious apps found on Google Play Store which targeted login information for Instagram. We have all of the details about this latest phishing scam happening on Google Play Store.
13 Malicious Apps Found Targeting Instagram Users
The bad news here is that ESET security researchers found 13 malicious apps this past week that targeted Instagram. All of these apps were available on Google Play Store, even though they were malicious. The intent of all of the apps found by ESET was to steal your Instagram login credentials through a phishing scam. When ESET looked at the code for these apps, it labeled them Android/Spy.Inazigram. The stolen login credentials would be transferred to a remote server to be used later or sold on the dark web.
A lot of the malicious apps that show up on Google Play Store are built to steal the login information of social media users. Because social media websites and apps are so popular, they are one of the biggest targets out there for phishing scams and other types of scams. In this particular case, ESET found that this Instagram credential-stealing campaign originated in Turkey. There was a bit of localization for other areas, though, meaning that Instagram users from all over the globe were targeted.
The worst part about what ESET found was that these 13 apps have been downloaded by 1.5 million people who use Instagram. Considering that this was only 13 apps, 1.5 million downloads and installs is quite a bit. Google did immediately remove these 13 apps once ESET notified the company of the malicious phishing intent of these apps, which is good news at least.
How The Instagram Phishing Scam Works
If you are wondering how this phishing scam works, it is really simple. Basically, these apps would entice users by claiming that they would help increase your followers and likes. These apps promise to give you more comments on your Instagram account as well. The issue is that none of these apps really will help you gain followers or likes on Instagram. Instead, these apps will hijack your account.
The hackers end up getting your login information in a plain text format, and then you are locked out of your Instagram account. You are locked out because it will tell you that your password is wrong, since most of the time the hackers will change the password. You will then be told you need to head over to the Instagram website in order to verify you are the owner of the account.
The people behind these malicious apps have quite a bit to gain by targeting Instagram. For one, cybercriminals can use these types of attacks to distribute various ads and spam. The most important parts of your account are likes, comments, and followers, and the hackers and scammers out there take advantage of you wanting to increase these on the social media platform.
You will know if you were affected by these 13 apps because you will likely get failed login attempt emails from Instagram. You also might try to log in to your Instagram account on Android and find that you are getting the wrong password message. Be sure to check your emails before you click on anything to verify your identity as well, since there are messages asking you to verify your identity as part of this credential-stealing effort.
Before you ever click on a link asking you for your information, make sure that the email is directly from Instagram. You can go into your Application Manager on your Android device to uninstall the malicious apps, which is something you should do immediately once you realize you were a victim of this attack. You also should be using mobile security software to keep your Android device protected from these types of situations.