InstaAgent – has been flagged after a developer found it stores user names and passwords of Instagram users and sends them to an unknown server.
Advertisement
If the motives seem unclear, we do know the app was using credentials to log-in and post unauthorized spam images to Instagram.
David L-R notes in his tweets that InstaAgent was sending account information, including usernames and passwords, unencrypted to a remote server that was not connected to Instagram officially in any way, shape, or form. InstaAgent has even been posting photos without a user’s permission in his or her Instagram profile.
Following reports of InstaAgent’s encroachment, Apple removed the malware app from the App Store, although it’s yet to officially comment on the issue and how the app came to be available on the App Store in the first place. Similar titles include “Who Viewed My Profile” and “Who Viewed My Instagram Profile”.
InstaAgent is quite popular in a few markets – in Germany for example, it was among the top 30 most popular apps.
Advertisement
There is a reason why developers have repeatedly warned its users from turning to third-party apps and services, which is why apps like WhatsApp have banned users who were found to be using third-party WhatsApp apps and services, like WhatsApp+. It’s hard to figure out the exact number of compromised accounts, but Layer-Reiss claims more than 500,000 users installed the app. Known as XcodeGhost, the program infected legitimate apps in order to collect user data. But before it was it was downloaded hundreds of thousands of times.
