Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name - MacRumors
Skip to Content

Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name

by

Last November, a malicious app called InstaAgent was caught storing the usernames and passwords of Instagram users, sending them to a suspicious remote server. After the app's activities came to light, Apple removed it from the App Store, but it now appears Turker Bayram, the developer behind the app has managed to get two new apps approved by Apple, (and Google) both of which are stealing Instagram account info.

Peppersoft developer David L-R, who discovered the insidious password-sniffing feature in the first InstaAgent app, last week wrote a post outlining new password stealing apps created by Bayram. Called "Who Cares With Me - InstaDetector" and "InstaCare - Who Cares With Me," the apps are available on Android and iOS devices.

instacare
The original InstaAgent app attracted Instagram users by promising to track the people who visited their Instagram account, and the two new apps make similar promises. Both apps say they display a list of users who interact most often with an Instagram account, asking users to log in with an Instagram username and password.

David L-R investigated Bayram's new apps and discovered a suspicious HTTPS packet, leading him to uncover a complex encryption process used to covertly send usernames and passwords to a third-party server and hide the evidence. He found both the Android and iOS versions of the app send Instagram account information to unknown servers.

As I had a closer look to the iOS app I found out that the app steals the Instagram password & username to send it encrypted to "unknown" servers. The "password-stealing" algorithm and the encryption seems to be the same as in "InstaCare - Who cares with me?" a new iOS app from the "InstaAgent" developer, which malicious behaviour I discovered a few days ago. A working PoC (Proof of concept for the iOS version) can be found here.

Multiple reviews on the iOS App Store claim that after using the malicious Instagram apps, their accounts were compromised with spam photos advertising the app that were uploaded to their feeds. As with InstaAgent, the apps show up prominently in the Top Charts in some countries, though not in the United States.

appstorereviews
Bayram's ability to get multiple new apps approved by Apple after having been found guilty of harvesting Instagram account information speaks towards the glaring issues in Apple's app review policies. It is unclear how a developer who was caught operating a malicious app was able to get additional apps past Apple's radar.

There are dozens if not hundreds of low-quality third-party apps that promise to provide Instagram users with followers and other perks, which should be avoided to avoid having account information stolen. Instagram cautions against installing third-party apps that don't follow its Community Guidelines and says such apps are "likely attempts to use your account in an inappropriate way."

(Thanks, Şizofrenik!)

Tags: App Store, Instagram

Popular Stories

iOS App Store General Feature Black

Apple Pulls Vibe Coding App 'Anything' From App Store, Escalating Enforcement [Updated]

Monday March 30, 2026 2:33 pm PDT by
Apple has removed a "vibe coding" app from its App Store, reports The Information. AI app building app "Anything" was pulled from the App Store, and Anything co-founder Dhruv Amin was told that his app violated Guideline 2.5.2. "Vibe coding" is a term used for code generated using AI based on natural language with no coding experience necessary. Anything and other apps like it let users...
Read Full Article98 comments
Apple App Store Awards 2025

Apple Turns Off Payments in Russia

Thursday April 2, 2026 8:47 am PDT by
As of April 1, payment processing is no longer available for purchases made across the App Store and other Apple services in Russia, according to Apple. In a new support document, Apple said new purchases, in-app purchases, and subscription renewals are no longer available in Russia unless a user already has funds in their Apple Account balance, which can continue to be used. This change...
Read Full Article69 comments
app store blue banner epic 1

Apple Asks Court to Pause App Store Fee Fight While It Petitions Supreme Court in Epic Games Case

Monday April 6, 2026 1:32 pm PDT by
Apple plans to ask the United States Supreme Court to weigh in on the App Store fee restrictions and contempt of court ruling levied against it in the ongoing Epic Games vs. Apple legal battle. In a filing on April 3 (via TechCrunch), Apple asked the Ninth Circuit Court of Appeals to hold off on a plan that would see the U.S. Northern District of California decide on a reasonable commission...
Read Full Article97 comments

Top Rated Comments

japanime Avatar
japanime
132 months ago
Why doesn't Apple pursue criminal charges against these "developers"?
Score: 23 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
132 months ago
Revoke their accounts and certificates.
Score: 20 Votes (Like | Disagree)
macs4nw Avatar
macs4nw
132 months ago
How the hell did Apple approve these Apps knowing what they did about Bayram?
Score: 14 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
132 months ago
Fool Apple once - shame on them
Fool Apple twice - shame on Apple for not sending them to the white room prison the first time
Score: 11 Votes (Like | Disagree)
garirry Avatar
garirry
132 months ago
Honestly, I think there's starting to be a lack of quality control from Apple. Not trying to scold them or anything, but it's been multiple times in fairly short intervals that a malicious app like this appeared on the store.
Score: 10 Votes (Like | Disagree)
thisisnotmyname Avatar
thisisnotmyname
132 months ago
I can see the app review process being a daunting one given the volume Apple sees in App Store but it is disturbing that this type of thing gets through once let alone repeatedly.
Score: 10 Votes (Like | Disagree)
Read All Comments