Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name

Last November, a malicious app called InstaAgent was caught storing the usernames and passwords of Instagram users, sending them to a suspicious remote server. After the app's activities came to light, Apple removed it from the App Store, but it now appears Turker Bayram, the developer behind the app has managed to get two new apps approved by Apple, (and Google) both of which are stealing Instagram account info.

Peppersoft developer David L-R, who discovered the insidious password-sniffing feature in the first InstaAgent app, last week wrote a post outlining new password stealing apps created by Bayram. Called "Who Cares With Me - InstaDetector" and "InstaCare - Who Cares With Me," the apps are available on Android and iOS devices.

instacare
The original InstaAgent app attracted Instagram users by promising to track the people who visited their Instagram account, and the two new apps make similar promises. Both apps say they display a list of users who interact most often with an Instagram account, asking users to log in with an Instagram username and password.

David L-R investigated Bayram's new apps and discovered a suspicious HTTPS packet, leading him to uncover a complex encryption process used to covertly send usernames and passwords to a third-party server and hide the evidence. He found both the Android and iOS versions of the app send Instagram account information to unknown servers.

As I had a closer look to the iOS app I found out that the app steals the Instagram password & username to send it encrypted to "unknown" servers. The "password-stealing" algorithm and the encryption seems to be the same as in "InstaCare - Who cares with me?" a new iOS app from the "InstaAgent" developer, which malicious behaviour I discovered a few days ago. A working PoC (Proof of concept for the iOS version) can be found here.

Multiple reviews on the iOS App Store claim that after using the malicious Instagram apps, their accounts were compromised with spam photos advertising the app that were uploaded to their feeds. As with InstaAgent, the apps show up prominently in the Top Charts in some countries, though not in the United States.

appstorereviews
Bayram's ability to get multiple new apps approved by Apple after having been found guilty of harvesting Instagram account information speaks towards the glaring issues in Apple's app review policies. It is unclear how a developer who was caught operating a malicious app was able to get additional apps past Apple's radar.

There are dozens if not hundreds of low-quality third-party apps that promise to provide Instagram users with followers and other perks, which should be avoided to avoid having account information stolen. Instagram cautions against installing third-party apps that don't follow its Community Guidelines and says such apps are "likely attempts to use your account in an inappropriate way."

(Thanks, Şizofrenik!)

Top Rated Comments

(View all)
Avatar
57 months ago
Why doesn't Apple pursue criminal charges against these "developers"?
Score: 23 Votes (Like | Disagree)
Avatar
57 months ago
Revoke their accounts and certificates.
Score: 20 Votes (Like | Disagree)
Avatar
57 months ago
How the hell did Apple approve these Apps knowing what they did about Bayram?
Score: 14 Votes (Like | Disagree)
Avatar
57 months ago
Fool Apple once - shame on them
Fool Apple twice - shame on Apple for not sending them to the white room prison the first time
Score: 11 Votes (Like | Disagree)
Avatar
57 months ago
I can see the app review process being a daunting one given the volume Apple sees in App Store but it is disturbing that this type of thing gets through once let alone repeatedly.
Score: 10 Votes (Like | Disagree)
Avatar
57 months ago
Honestly, I think there's starting to be a lack of quality control from Apple. Not trying to scold them or anything, but it's been multiple times in fairly short intervals that a malicious app like this appeared on the store.
Score: 10 Votes (Like | Disagree)

Top Stories

iPhone Maker Foxconn Says China's 'Days as the World's Factory Are Done'

Wednesday August 12, 2020 7:55 am PDT by
China will no longer be the world's manufacturing epicenter going forward, according to Apple's largest supply chain partner Foxconn, which has been gradually expanding its operations in other countries amid the U.S.-China trade war. "No matter if it's India, Southeast Asia or the Americas, there will be a manufacturing ecosystem in each," said Foxconn chairman Young Liu, according to Bloombe...

Leaker Jon Prosser: Apple Watch and iPad Launching in September, iPhone 12 Event to Take Place in October

Wednesday August 12, 2020 4:31 pm PDT by
Apple last month confirmed that this year's iPhone 12 models will launch outside of their normal September timeframe and will be "available a few weeks later," which has led to speculation about when an event might be held. Leaker Jon Prosser, who sometimes shares accurate knowledge of Apple's plans, today said that Apple will hold its iPhone 12 event during the week of October 12, with...

Apple Takes Legal Action Against Small Company With Pear Logo

Saturday August 8, 2020 11:09 am PDT by
Apple is taking legal action against the developers of the app "Prepear" due to its logo, according to iPhone in Canada. Prepear is an app that helps users discover recipes, plan meals, make lists, and arrange grocery deliveries. The app is a spinoff of "Super Healthy Kids," and the founders claim that they are facing litigation from Apple. Apple reportedly takes issue with Prepear's logo, ...

Apple to Launch Bundled Subscription Services Called 'Apple One'

Thursday August 13, 2020 3:41 am PDT by
Apple will launch a new range of subscription service bundles called "Apple One" as soon as October, according to a new report by Bloomberg's Mark Gurman. The series of bundles would allow customers to subscribe to several Apple digital services together. This is expected to result in a lower monthly price than when the services are subscribed to individually. Bloomberg reports that the...

Apple Releases iOS and iPadOS 13.6.1 With Fix for Storage Issue and Green Tinted Displays

Wednesday August 12, 2020 1:31 pm PDT by
Apple today released iOS and iPadOS 13.6.1, minor updates that come a month after the release of the iOS 13.6 update with Car Keys and Audio Apple News+ stories. The iOS and ‌iPadOS‌ 13.6.1 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings > General > Software Update. iOS 13.6.1 addresses an issue that could cause...

Apple May Release 4G-Only iPhone 12 in Early 2021

Tuesday August 11, 2020 5:28 am PDT by
In a research note shared by Business Insider, Wedbush Securities analysts said that Apple may release a cheaper iPhone 12 in early 2021 with no 5G connectivity. Wedbush initially believed Apple would launch a mix of 4G and 5G iPhone 12 models this fall. Following re-examination of Asian supply chains, analysts Daniel Ives, Strecker Backe, and Ahmad Khalil revised the predictions,...

Apple Removes Fortnite From App Store [Update: Epic Files Lawsuit Against Apple]

Thursday August 13, 2020 11:58 am PDT by
Just hours after Epic Games introduced a new direct payment option for Fortnite that skirts Apple's in-app purchase rules, Apple has pulled the Fortnite app from the App Store. Fortnite is no longer available for download on the iPhone or the iPad, and Apple provided a statement to MacRumors on Fortnite's removal:Today, Epic Games took the unfortunate step of violating the App Store...

iPad Pro Keyboard Comparison: Logitech's $160 Folio Touch vs. Apple's $300 Magic Keyboard

Tuesday August 11, 2020 2:11 pm PDT by
Logitech recently debuted the Folio Touch, a keyboard and trackpad case designed for the 11-inch iPad Pro that serves as an alternative to the Magic Keyboard. In our latest YouTube video, we compare the $160 Folio Touch to Apple's $300 Magic Keyboard to see which is better. Subscribe to the MacRumors YouTube channel for more videos. Logitech is selling the Folio Touch for $160, while Apple's...

Apple Releases macOS Catalina 10.15.6 Supplemental Update With Virtualization Bug Fix

Wednesday August 12, 2020 1:20 pm PDT by
Apple today released a supplemental update for macOS Catalina 10.15.6, with the update coming a month after the original launch of macOS Catalina 10.15.6. The ‌‌macOS Catalina‌‌ 10.15.6 Supplemental Update can be downloaded from the Mac App Store using the Update feature in the System Preferences app. According to Apple's release notes, the update fixes a problem that could cause...

Kuo: Global iPhone Shipments Could Decline Up to 30% If Apple Forced to Remove WeChat From App Store [Updated x2]

Sunday August 9, 2020 10:17 pm PDT by
In a worst-case scenario, Apple's annual global iPhone shipments could decline by 25–30% if it is forced to remove WeChat from its App Stores around the world, according to a new research note from analyst Ming-Chi Kuo viewed by MacRumors. The removal could occur due to a recent executive order aiming to ban U.S. transactions with WeChat and its parent company Tencent. Kuo lays out...