Lately, credential-stealing campaigns and Instagram have gone hand in hand, as we have seen many credential stealers targeting users of the social networking app.
These campaigns circulate on Google Play in the form of tools designed to increase the number of followers on Instagram.
Recently, 13 malicious apps were found to have been uploaded to the Google Play Store.
Their detection code was Android/Spy.Inazigram.
The purpose of these malicious apps was to look for Instagram credentials and transfer the information to a remote server.
According to ESET security researchers, the campaign originated in Turkey, but some of the apps had English localization.
This means the campaign is designed to target Instagram users around the world.
It is quite disturbing that these malicious apps have already been downloaded and installed by around 1.5 million Instagram users across the globe.
When ESET notified Google about it, the company quickly removed the 13 infected apps.
To steal Instagram login credentials, these malicious apps lure users with a phishing attack: users download the app believing it will quickly increase the number of their followers, likes, and comments. However, as is the case in such phishing attacks, the account gets hijacked.
Attackers receive the login credentials in plain text, and as soon as they receive them, the victim is unable to log in to his/her Instagram account.
In response to their attempts to log in, victims only receive an "Incorrect Password" message.
The error screen also contains a note suggesting that the victim must visit the official Instagram website to verify the account and sign in to a third-party app.
Compromised Instagram accounts are a treasure for malicious threat actors and cybercriminals, as they can distribute spam and ads and make use of the account's valuable assets: its followers, likes and comments.
If you think that you might have downloaded one of these 13 infected apps, you need to carry out security measures immediately to protect your account.
You can identify these apps by their icons under your installed applications folder.
If you receive a notification from Instagram about a failed login attempt by someone and you are asked to verify your account, do not pay attention to this message.
It is also part of the credential stealing campaign.
Quickly uninstall the malicious apps from your phone's Application Manager folder, and always use reliable mobile security software to prevent malware from invading your phone.
To protect your Instagram account, change the password as soon as possible, especially if you use the same password across various platforms.
We suggest that you use a different password for all of your social media, email and other subscription accounts.