Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name

by

Last November, a malicious app called InstaAgent was caught storing the usernames and passwords of Instagram users, sending them to a suspicious remote server. After the app's activities came to light, Apple removed it from the App Store, but it now appears Turker Bayram, the developer behind the app has managed to get two new apps approved by Apple, (and Google) both of which are stealing Instagram account info.

Peppersoft developer David L-R, who discovered the insidious password-sniffing feature in the first InstaAgent app, last week wrote a post outlining new password stealing apps created by Bayram. Called "Who Cares With Me - InstaDetector" and "InstaCare - Who Cares With Me," the apps are available on Android and iOS devices.

instacare
The original InstaAgent app attracted Instagram users by promising to track the people who visited their Instagram account, and the two new apps make similar promises. Both apps say they display a list of users who interact most often with an Instagram account, asking users to log in with an Instagram username and password.

David L-R investigated Bayram's new apps and discovered a suspicious HTTPS packet, leading him to uncover a complex encryption process used to covertly send usernames and passwords to a third-party server and hide the evidence. He found both the Android and iOS versions of the app send Instagram account information to unknown servers.

As I had a closer look to the iOS app I found out that the app steals the Instagram password & username to send it encrypted to "unknown" servers. The "password-stealing" algorithm and the encryption seems to be the same as in "InstaCare - Who cares with me?" a new iOS app from the "InstaAgent" developer, which malicious behaviour I discovered a few days ago. A working PoC (Proof of concept for the iOS version) can be found here.

Multiple reviews on the iOS App Store claim that after using the malicious Instagram apps, their accounts were compromised with spam photos advertising the app that were uploaded to their feeds. As with InstaAgent, the apps show up prominently in the Top Charts in some countries, though not in the United States.

appstorereviews
Bayram's ability to get multiple new apps approved by Apple after having been found guilty of harvesting Instagram account information speaks towards the glaring issues in Apple's app review policies. It is unclear how a developer who was caught operating a malicious app was able to get additional apps past Apple's radar.

There are dozens if not hundreds of low-quality third-party apps that promise to provide Instagram users with followers and other perks, which should be avoided to avoid having account information stolen. Instagram cautions against installing third-party apps that don't follow its Community Guidelines and says such apps are "likely attempts to use your account in an inappropriate way."

(Thanks, Şizofrenik!)

Tags: App Store, Instagram

Popular Stories

Apple CarPlay Ultra instrument cluster themes 01

Apple's 'CarPlay Ultra' Experience Now Available

Thursday May 15, 2025 5:07 am PDT by
Apple today announced that its next-generation CarPlay experience, now dubbed "CarPlay Ultra" begins rolling out today, starting with Aston Martin vehicles. Subscribe to the MacRumors YouTube channel for more videos. CarPlay Ultra is now available with new Aston Martin vehicle orders in the U.S. and Canada. It will also be available for existing models that feature the brand's next-generation ...
Read Full Article88 comments
Apple CarPlay Ultra instrument cluster themes 01

Apple's CarPlay Ultra Is Here – Does Your iPhone Support It?

Thursday May 15, 2025 5:17 am PDT by
Apple's recently announced CarPlay Ultra promises a deeply integrated in-car experience, but not all iPhone users will be able to take advantage of the new feature. According to Apple's press release, CarPlay Ultra requires an iPhone 12 or later running iOS 18.5 or later. This means if you're using an iPhone 11, iPhone XR, or any older model, you'll need to upgrade your device to access...
Read Full Article
iOS 18

Apple Releases iOS 18.5 With New Wallpaper, Screen Time Changes, Carrier Satellite Support for iPhone 13 and More

Monday May 12, 2025 10:06 am PDT by
Apple today released iOS 18.5 and iPadOS 18.5, the fifth updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.5 and iPadOS 18.5 come a little over a month after Apple released iOS 18.4 and iPadOS 18.4. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. The iOS 18.5 update has a...
Read Full Article55 comments
iPhone 12 Made in India

Trump Tells Tim Cook to Stop Building iPhones in India

Thursday May 15, 2025 2:21 am PDT by
President Donald Trump has asked Apple CEO Tim Cook to halt the company's manufacturing expansion in India, in a potential disruption of Apple's plan to shift iPhone production away from China. "I had a little problem with Tim Cook yesterday," Trump said during his state visit to Qatar, according to Bloomberg. "He is building all over India." "They [India] have offered us a deal where...
Read Full Article197 comments
apple music

Apple Music Gets New Transfer Tool to Make Switching From Spotify Easier

Wednesday May 14, 2025 5:17 pm PDT by
Apple this week introduced a new feature designed to allow prospective Apple Music users to import their saved music and playlists from third-party music services to Apple Music. The feature is either in an expanded testing phase or it has started rolling out, and it is available in Australia and New Zealand according to an Apple Support document. Signs of the transfer option first surfaced...
Read Full Article66 comments
CarPlay Ultra Climate Controls

Apple Says These Vehicle Brands Plan to Offer All-New CarPlay Ultra

Thursday May 15, 2025 8:13 am PDT by
Apple today announced the launch of CarPlay Ultra, the long-awaited next-generation version of its CarPlay software system for vehicles. CarPlay Ultra features deep integration with a vehicle's instrument cluster and systems, built-in Radio and Climate apps, customizable widgets, and more. The interface is tailored to each vehicle model and automaker's identity, and drivers can also adjust...
Read Full Article100 comments
maxresdefault

Here's the First Real-World Look at Apple's CarPlay Ultra

Thursday May 15, 2025 5:52 am PDT by
The first videos of Apple's CarPlay Ultra experience are now available, providing a never-before-seen look at the long-anticipated iPhone-linked infotainment software. British automaker Aston Martin today shared the first video of Apple's CarPlay Ultra experience in-action, followed by a detailed walk-through of the CarPlay Ultra system on Top Gear's YouTube channel, which provides the...
Read Full Article76 comments

Top Rated Comments

japanime Avatar
japanime
119 months ago
Why doesn't Apple pursue criminal charges against these "developers"?
Score: 23 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
119 months ago
Revoke their accounts and certificates.
Score: 20 Votes (Like | Disagree)
macs4nw Avatar
macs4nw
119 months ago
How the hell did Apple approve these Apps knowing what they did about Bayram?
Score: 14 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
119 months ago
Fool Apple once - shame on them
Fool Apple twice - shame on Apple for not sending them to the white room prison the first time
Score: 11 Votes (Like | Disagree)
thisisnotmyname Avatar
thisisnotmyname
119 months ago
I can see the app review process being a daunting one given the volume Apple sees in App Store but it is disturbing that this type of thing gets through once let alone repeatedly.
Score: 10 Votes (Like | Disagree)
garirry Avatar
garirry
119 months ago
Honestly, I think there's starting to be a lack of quality control from Apple. Not trying to scold them or anything, but it's been multiple times in fairly short intervals that a malicious app like this appeared on the store.
Score: 10 Votes (Like | Disagree)
Read All Comments