Apple's Beats brand in April unveiled the Powerbeats Pro, a redesigned wire-free version of its popular fitness-oriented Powerbeats earbuds.
Malicious App 'InstaAgent' Sends Instagram Passwords to Unknown Server, Posts Spam in Users' Feeds
InstaAgent, an app that connects to Instagram and promises to track the people that have visited a user's Instagram account, appears to be storing the usernames and passwords of Instagram users, sending them to a suspicious remote server.
An app developer from Peppersoft downloaded InstaAgent -- full name "Who Viewed Your Profile - InstaAgent" -- and discovered it's reading Instagram account usernames and passwords, sending them via clear text to a remote server - instagram.zunamedia.com.
InstaAgent is also using the credentials to log into accounts and post unauthorized images. Instagram does not permit third-party apps to upload photos to user accounts.
While InstaAgent isn't particularly popular in the United States, it is currently the number one free app in both the United Kingdom and Canada, with thousands of downloads that puts a huge number of Instagram users at risk of having their information stolen. In the Google Play store, the app had between 100k and 500k users, and the install numbers could be similar for iOS.
Google has removed the InstaAgent Android app from the Google Play store, but InstaAgent is still available in the iOS App Store for the time being. Anyone who has downloaded InstaAgent should delete the app immediately and change their Instagram password.
There are dozens if not hundreds of third-party apps that promise to provide Instagram users with followers and other perks, and these kind of apps should be avoided. According to Instagram, these apps are "likely an attempt to use your account in an inappropriate way" as InstaAgent does.
Update 3:20 p.m. Pacific Time: InstaAgent has now been removed from the iOS App Store.
An app developer from Peppersoft downloaded InstaAgent -- full name "Who Viewed Your Profile - InstaAgent" -- and discovered it's reading Instagram account usernames and passwords, sending them via clear text to a remote server - instagram.zunamedia.com.
InstaAgent is also using the credentials to log into accounts and post unauthorized images. Instagram does not permit third-party apps to upload photos to user accounts.
While InstaAgent isn't particularly popular in the United States, it is currently the number one free app in both the United Kingdom and Canada, with thousands of downloads that puts a huge number of Instagram users at risk of having their information stolen. In the Google Play store, the app had between 100k and 500k users, and the install numbers could be similar for iOS.
Google has removed the InstaAgent Android app from the Google Play store, but InstaAgent is still available in the iOS App Store for the time being. Anyone who has downloaded InstaAgent should delete the app immediately and change their Instagram password.
I would say "Who Viewed Your Profile - InstaAgent" is the first malware in the iOS Appstore that is downloaded half a million times.
— David L-R (@PeppersoftDev) November 10, 2015There are dozens if not hundreds of third-party apps that promise to provide Instagram users with followers and other perks, and these kind of apps should be avoided. According to Instagram, these apps are "likely an attempt to use your account in an inappropriate way" as InstaAgent does.
Update 3:20 p.m. Pacific Time: InstaAgent has now been removed from the iOS App Store.
Tags: Instagram, InstaAgent
[ 98 comments ]
Top Rated Comments
(View all)
48 months ago
We are getting lots of fake apps into the AppStore while lots of good apps are rejected because some silly thing that no one cares.
48 months ago
While it's easy to victim blame people who have been caught out by this, it highlights a big issue with the curated App Store model: many people implicitly trust that any app that Apple has allowed onto the store will not be malicious and they will therefore do stupid things (such as providing their login details)
This is a massive breach of trust by Apple and they need to take the review process a hell of a lot more seriously than they appear to be doing
It's also ironic that Google have already killed this on their store, but it's still there on the iOS store!
This is a massive breach of trust by Apple and they need to take the review process a hell of a lot more seriously than they appear to be doing
It's also ironic that Google have already killed this on their store, but it's still there on the iOS store!
48 months ago
slipped it past the monitors eh? sounds like they need some better app approvers
48 months ago
How on earth did Apple approve this? Goodness. Wonder if they also posted the Facebook privacy message on their news feed, and sent money to recover their long-lost uncle in Africa.
Seems like the appropriate time for Apple to use the "kill switch" on iOS Apps and shut this thing down.
Seems like the appropriate time for Apple to use the "kill switch" on iOS Apps and shut this thing down.
48 months ago
After they remove this crap, they should remove instagram while they at it.
Why? What's wrong with Instagram? They should remove SnapChat and Yik Yak.
Why? What's wrong with Snapchat and Yik Yak? They should remove Grindr and Facebook.
48 months ago
While it's easy to victim blame people who have been caught out by this, it highlights a big issue with the curated App Store model: many people implicitly trust that any app that Apple has allowed onto the store will not be malicious and they will therefore do stupid things (such as providing their login details)
This is a massive breach of trust by Apple and they need to take the review process a hell of a lot more seriously than they appear to be doing
It's also ironic that Google have already killed this on their store, but it's still there on the iOS store!
I agree. I'm not a developer but just an average user with some common sense. While I wouldn't download an app like this, I think most trust that if it's on the app store, it at least won't steal your personal information. I mean, even Apple says not to download anything outside of the app store. That almost implies if it is in the app store, it should be trusted.
48 months ago
Why? What's wrong with Instagram? They should remove SnapChat and Yik Yak.
Why? What's wrong with Snapchat and Yik Yak? They should remove Grindr and Facebook.
Why? What's wrong with Grindr and Facebook? They should remove Kik and Tapatalk.
Why? What's wrong with Kik and Tapatalk? They should remove Path and Pinterest.[ Read All Comments ]
For this week's giveaway, we've teamed up with Reolink to offer MacRumors readers a chance to win an Argus 2 wire-free rechargeable home camera and a solar panel for charging it up outdoors.
...
Apple Music has renamed its "The A-List: Hip-Hop" playlist to "Rap Life."
Ebro Darden, global editorial head of hip-hop and R&B at Apple Music, will host a companion...
Samsung is believed to be Apple's exclusive supplier of OLED displays for iPhones, but it may have company soon.
In a research note shared with MacRumors, Barclays analysts said fellow...
1Password has restored the option for customers who originally purchased its iOS app to create a local vault during setup, after users queued up online to voice their frustrations with the fact that...
Apple is planning to open an office in highly desired location in Vancouver, Canada reports Bloomberg. The company has leased space in a 24-story office building at 400 West Georgia owned by...
Elevation Lab, known for its line of popular iPhone charging docks, today released the FamilyCharger, a multi-charging setup designed to allow you to charge all of your devices in one place.
The...
Apple today seeded the third beta of an upcoming macOS Catalina update to its public beta testing group, two weeks after seeding the second public beta and a day after seeding the fourth developer...
Apple today seeded the third beta of an upcoming tvOS 13 update to its public beta testing group, two weeks after seeding the second public beta and day after seeding the fourth developer beta of...
