InstaAgent: Top Android and iPhone Instagram client was built to steal logins, post spam on users’ feeds

The app had been top of the charts in the UK and Canada before it was pulled from the stores

Andrew Griffin
Wednesday 11 November 2015 10:41 GMT
Comments
Instagram CEO Kevin Systrom said his company's nudity policy was based on App Store rules
Instagram CEO Kevin Systrom said his company's nudity policy was based on App Store rules (EMMANUEL DUNAND/AFP/Getty Images)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

An Instagram client that was at the top of the iPhone and Android app stores was secretly harvesting logins and posting photos without users knowing it.

InstaAgent claimed that it would allow people to see who had been viewing users’ Instagram accounts. In fact it appeared to be forcing people to log into Instagram, stealing their passwords and sending them off to an unknown server as well as using them to post spam onto feeds.

The app has now been removed from the Google Play Store and the App Store. But before it was it was downloaded hundreds of thousands of times.

If users did download and use the app, the best course of action is to change the password, revoke access for the app on Instagram’s site and ensure that any other accounts that use the same login is changed too. It is a good idea to then watch for — and report or delete — any suspicious activity.

InstaAgent reached the top of the UK and Canadian App Stores. That probably meant that it had been downloaded over 500,000 times, according to the developer who first found the problems.

Scams often offer the opportunity to see who has viewed profiles on specific sites, since most major social networks don’t offer the option. But it is not usually possible for such apps to work, since the same social networks don’t share that data with third-party apps either.

There are still many apps with similar names — such as “Who’s Viewed My Profile” — available on the App Store.

Instagram recommends against using any apps that offer features that break its terms of service, which also includes websites selling likes or promising free followers. Such apps are “likely an attempt to use your account in an inappropriate way”, Instagram warns.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in