Android malware disguised as Instagram mod app
Rather than acquiring new Instagram followers, app users lost their credentials and, in some cases, access to their social network.
Instagrammers seeking to expand their follower base are being duped with apps loaded with malware, security researchers at McAfee discovered. Hundreds of Instagram users might have lost their account credentials as a result.
Scammers lure the victims with a promise of an Android-based app that unlocks additional Instagram features by accessing social networks’ API.
Researchers have discovered that Youtube account holders with close to 200,000 subscribers create explainer videos about using malware-filled apps, such as InstaFollower. Several Instagrammers complained in Youtube comments that they had their accounts stolen after using the app.
The scam itself is rather mundane. Once victims install the app, they are prompted to enter their Instagram user and password. The in-app text suggests that the step is necessary to check user credentials via Instagram API.
After inspecting the app, McAfee researchers discovered that the initial code in the app lacks many features it boasts of having. As a result, users got scammed instead of receiving a spike in followers.
The promised safety of Instagram API servers is nonexistent. Once researchers entered their account details on the app, they promptly received a login attempt from a personal device in Turkey.
The researchers observed that as you request followers, the number of the following also increases, which means that victims’ credentials are used to increase the number of followers for other requesters. At least 400 Instagram account holders have given the scammers access, likely without understanding the risks involved.
Credential harvesting is a common tactic scammers use on social network users. Another social network owned by Meta, Facebook, is often targeted by fraudsters. Some scams can be so successful that they might net criminals behind the operation millions of dollars.
More from Cybernews:
Subscribe to our newsletter