STE WILLIAMS

A popular but malicious fake Instagram “who viewed your profile” app has been pulled from both Apple’s App Store and Google Play – but not until after between 500,000 and a million suckers downloaded it.

“Who Viewed Your Profile – InstaAgent” exploited peoples’ insecurity (it’s also a popular way for Twitter scam accounts to draw in the clicks) to get them to install an app that harvested user credentials, posted them to a remote server, and hijacked accounts to post unauthorised images to victims’ profiles.

German iOS developer David Layer-Reiss, who goes by the Twitter handle @PeppersoftDev, discovered the hijack.

Both Apple and Google have to be marked down for letting the app past their code review processes in the first place.

United Press International says the Android version got at least 100,000 downloads in spite of a 2.2 star rating. Other estimates give the possible Android download rate at close to the App Store’s half-a-million.

#InstaAgent is only able to post a image in your #Instagram account because they got your account password! #hacked pic.twitter.com/0vD1OJBY9l

— David L-R (@PeppersoftDev) November 10, 2015

I would say “Who Viewed Your Profile – InstaAgent” is the first malware in the iOS Appstore that is downloaded half a million times.

— David L-R (@PeppersoftDev) November 10, 2015

As a rule, El Reg would note, any third-party app promising to identify profile viewers on social media accounts should be treated as a scam. LinkedIn is a special case: there, it’s profile view reports is just a creepy feature. ®

Sponsored:
2015 Cost of Cyber Crime Study: United States

Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/11/12/instascam_apple_yanks_phoney_app_google_follows/