© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Android malware disguised as Instagram mod app

Rather than acquiring new Instagram followers, app users lost their credentials and, in some cases, access to their social network.

Instagrammers seeking to expand their follower base are being duped with apps loaded with malware, security researchers at McAfee discovered. Hundreds of Instagram users might have lost their account credentials as a result.

Scammers lure the victims with a promise of an Android-based app that unlocks additional Instagram features by accessing social networks’ API.

Researchers have discovered that Youtube account holders with close to 200,000 subscribers create explainer videos about using malware-filled apps, such as InstaFollower. Several Instagrammers complained in Youtube comments that they had their accounts stolen after using the app.

The scam itself is rather mundane. Once victims install the app, they are prompted to enter their Instagram user and password. The in-app text suggests that the step is necessary to check user credentials via Instagram API.

After inspecting the app, McAfee researchers discovered that the initial code in the app lacks many features it boasts of having. As a result, users got scammed instead of receiving a spike in followers.

The promised safety of Instagram API servers is nonexistent. Once researchers entered their account details on the app, they promptly received a login attempt from a personal device in Turkey.

The researchers observed that as you request followers, the number of the following also increases, which means that victims’ credentials are used to increase the number of followers for other requesters. At least 400 Instagram account holders have given the scammers access, likely without understanding the risks involved.

Credential harvesting is a common tactic scammers use on social network users. Another social network owned by Meta, Facebook, is often targeted by fraudsters. Some scams can be so successful that they might net criminals behind the operation millions of dollars.

More from Cybernews:

Is a cyberattack on Starlink as bad as hacking a military satellite?

Hackers knock out two German energy suppliers

PACMAN capable of defeating Apple M1 chip: software updates crucial

Apple AirTag used to track and murder a man in the US

Here is how fast threat actors can encrypt your data

Subscribe to our newsletter


prefix 7 months ago
Can we start teaching cybersecurity to people as young as first or second grade. It's mind boggling that these people have zero clue what they are doing as well as willing to sign into an app that isn't the direct app they are using.
Leave a Reply

Your email address will not be published. Required fields are marked