McAfee researchers discover infected apps in the Store

Jan 17, 2017 08:15 GMT  ·  By

A team of engineers from Intel Security discovered a series of apps published in the Google Play Store that attempted to steal Instagram users’ passwords.

All apps were available for free and were typically advertised as solutions that could help Instagram users increase the number of followers.

In a post today, on McAfee’s blog, the engineers reveal that the malware apps were primarily aimed at Turkish Instagram users, but anyone could download them from the Google Play Store. Their names, however, seem to point mainly to Turkish targets.

Once the apps were installed on users’ Android smartphones, they required Instagram login credentials, redirecting users to a simple phishing website prompting for the username and password.

“The malware lead victims to a phishing website that steals Instagram account passwords using the WebView component. The design of the login page is very simple, so it is difficult for users to appreciate the difference between legitimate and fake,” the security engineers explained.

Apps already removed from the Play store

Once usernames and passwords are provided into the phishing site, the data is automatically transmitted to the malware author as plain text. This means not only that the cybercriminal gets the password but also that anyone monitoring a network connection can intercept the data and steal the Instagram credentials.

It goes without saying that while Instagram accounts are the first ones exposed by this attack, users could face additional risks if the same password is configured for other online accounts. “Malware authors will attempt to log into other web services using the stolen accounts and passwords,” McAfee says.

On the good side, Google has already removed the apps from the Play Store, so users can no longer download them. Users running antivirus solutions on their Android devices could see the apps flagged as Android/InstaZuna.

Additionally, users who have already installed any of the malicious apps are recommended to change their Instagram account passwords as soon as possible, as well as the credentials used for accounts were the same password was previously configured.