Malicious App 'InstaAgent' Sends Instagram Passwords to Unknown Server, Posts Spam in Users' Feeds

InstaAgent, an app that connects to Instagram and promises to track the people that have visited a user's Instagram account, appears to be storing the usernames and passwords of Instagram users, sending them to a suspicious remote server.

An app developer from Peppersoft downloaded InstaAgent -- full name "Who Viewed Your Profile - InstaAgent" -- and discovered it's reading Instagram account usernames and passwords, sending them via clear text to a remote server - instagram.zunamedia.com.

passwordzunemedia
InstaAgent is also using the credentials to log into accounts and post unauthorized images. Instagram does not permit third-party apps to upload photos to user accounts.

instagramunauthorizedposting
While InstaAgent isn't particularly popular in the United States, it is currently the number one free app in both the United Kingdom and Canada, with thousands of downloads that puts a huge number of Instagram users at risk of having their information stolen. In the Google Play store, the app had between 100k and 500k users, and the install numbers could be similar for iOS.

topapps
Google has removed the InstaAgent Android app from the Google Play store, but InstaAgent is still available in the iOS App Store for the time being. Anyone who has downloaded InstaAgent should delete the app immediately and change their Instagram password.

Passwords for other sites and accounts that were the same as the Instagram password should also be changed as a precaution. We also highly recommend a password management app like 1Password, which can generate unique complex passwords for each and every site or service. Instagram also advises against installing third-party apps that don't follow its Community Guidelines.

There are dozens if not hundreds of third-party apps that promise to provide Instagram users with followers and other perks, and these kind of apps should be avoided. According to Instagram, these apps are "likely an attempt to use your account in an inappropriate way" as InstaAgent does.

Update 3:20 p.m. Pacific Time: InstaAgent has now been removed from the iOS App Store.

Top Rated Comments

gpsouza Avatar
77 months ago
We are getting lots of fake apps into the AppStore while lots of good apps are rejected because some silly thing that no one cares.
Score: 42 Votes (Like | Disagree)
BigHam Avatar
77 months ago
After they remove this crap, they should remove instagram while they're at it.
Score: 26 Votes (Like | Disagree)
Phil A. Avatar
77 months ago
While it's easy to victim blame people who have been caught out by this, it highlights a big issue with the curated App Store model: many people implicitly trust that any app that Apple has allowed onto the store will not be malicious and they will therefore do stupid things (such as providing their login details)

This is a massive breach of trust by Apple and they need to take the review process a hell of a lot more seriously than they appear to be doing

It's also ironic that Google have already killed this on their store, but it's still there on the iOS store!
Score: 17 Votes (Like | Disagree)
Caseynd Avatar
77 months ago
slipped it past the monitors eh? sounds like they need some better app approvers
Score: 16 Votes (Like | Disagree)
applerocks Avatar
77 months ago
How on earth did Apple approve this? Goodness. Wonder if they also posted the Facebook privacy message on their news feed, and sent money to recover their long-lost uncle in Africa.

Seems like the appropriate time for Apple to use the "kill switch" on iOS Apps and shut this thing down.
Score: 15 Votes (Like | Disagree)
Goldfrapp Avatar
77 months ago
After they remove this crap, they should remove instagram while they at it.
Why? What's wrong with Instagram? They should remove SnapChat and Yik Yak.
Why? What's wrong with Snapchat and Yik Yak? They should remove Grindr and Facebook.
Score: 13 Votes (Like | Disagree)

Top Stories

iphone 11 night mode photos

Apple Reveals New Night Mode Photo Feature Exclusive to iPhone 11 Series

Tuesday September 10, 2019 12:23 pm PDT by
Apple today announced the iPhone 11, iPhone 11 Pro, and the iPhone 11 Max, all-new models that boast improved cameras, and specifically, a dramatic new Night Mode photo feature. Last year, Google introduced its impressive Night Sight camera mode, a software-based feature that allows users to take detailed pictures in dark environments using Google Pixel smartphones. Apple's new Night...
maxresdefault

Craig Federighi and Greg Joswiak Discuss iPadOS 15, macOS Monterey, Privacy, Shortcuts on Mac, and More

Saturday June 12, 2021 6:12 am PDT by
As is tradition, Apple executives Craig Federighi and Greg Joswiak joined Daring Fireball's John Gruber in an episode of The Talk Show to discuss several announcements that Apple made over this weeks WWDC, including iPadOS 15, macOS Monterey, and a large focus around privacy. Federighi kicks off the conversation discussing the common architecture, now thanks to Apple silicon, across all of...
affinity designer contour tool

Serif Updates Affinity Photo, Designer, and Publisher With New Tools and Functions

Thursday February 4, 2021 1:58 am PST by
Serif today announced across-the-board updates for its popular suite of Affinity creative apps, including Affinity Photo, Affinity Designer, and the Apple award-winning Affinity Publisher for Mac, all of which were among the first professional creative suites to be optimized for Apple's new M1 chip. "After another year which saw record numbers of people switching to Affinity, it's exciting to...
studio buds family

Beats Studio Buds Debuting Today With Active Noise Cancellation, Stemless Design, and More for $150

Monday June 14, 2021 8:00 am PDT by
We've seen a lot of teasers about the Beats Studio Buds over the past month since they first showed up in Apple's beta software updates, and today they're finally official. The Beats Studio Buds are available to order today in red, white, and black ahead of a June 24 ship date, and they're priced at $149.99. The Studio Buds are the first Beats-branded earbuds to truly compete with AirPods...
iPhone 13 Dummy Thumbnail 2

Kuo: iPhone 13 to Feature LEO Satellite Communications to Make Calls and Texts Without Cellular Coverage

Sunday August 29, 2021 7:39 am PDT by
The iPhone 13 will feature low earth orbit (LEO) satellite communication connectivity to allow users to make calls and send messages in areas without 4G or 5G coverage, according to the reliable analyst Ming-Chi Kuo. In a note to investors, seen by MacRumors, Kuo explained that the iPhone 13 lineup will feature hardware that is able to connect to LEO satellites. If enabled with the relevant...
homepod feature blue2

Looking to Grab a HomePod Before They're Gone? These Retailers Still Have Stock

Monday March 15, 2021 6:54 am PDT by
Apple last week discontinued the original HomePod, marking just over three years on the market for the full-size smart speaker. If you're looking to purchase the larger HomePod before it's completely gone, there are still some options online today. The biggest retailer with remaining stock on the HomePod is Apple itself, which has the White HomePod for $299.00 on its website. Space Gray is...
maxresdefault

Apple Releases Redesigned 'Apple TV Remote' App for iPhone

Monday August 1, 2016 11:59 am PDT by
Apple today released an all new Apple TV Remote app for the iPhone, which is used to control the fourth-generation Apple TV along with older Apple TV models. Announced at WWDC, the new Remote app has been available for developers since June and was released to the public this afternoon. The new Remote app, which connects to an Apple TV via Bluetooth, mimics the exact layout of the physical...
youtube apple tv

YouTube Discontinuing 3rd-Generation Apple TV App, AirPlay Still Available

Wednesday February 3, 2021 3:09 pm PST by
YouTube is planning to stop supporting its YouTube app on the third-generation Apple TV models, where YouTube has long been available as a channel option. A 9to5Mac reader received a message about the upcoming app discontinuation, which is set to take place in March.Starting early March, the YouTube app will no longer be available on Apple TV (3rd generation). You can still watch YouTube on...
iwork macos monterey icons

macOS 12 Monterey Beta 5 Reveals Updated iWork Icons

Thursday August 12, 2021 12:00 pm PDT by
Apple is working on updated icons for the macOS versions of its iWork apps, according to images discovered by MacRumors. The new icons are included in the framework of macOS 12 Monterey beta 5 that handles the display of collaboration links in apps such as iMessage. Pages, Numbers, and Keynote icons found in macOS Monterey The images of the new macOS iWork icons for Pages, Numbers, and...
corellium

Apple and Corellium Agree on Settlement to Bring Lawsuit to an End

Tuesday August 10, 2021 11:36 pm PDT by
Apple this week dropped its long-standing lawsuit against Corellium, the security research company that provides security researchers with a replica of the iOS operating system, allowing them to locate possible security exploits within Apple's mobile operating system, The Washington Post reports. Apple filed a lawsuit against Corellium in 2019, claiming the security company was infringing...