Apple has removed a piece of malware from the App Store which was posing as an Instagram client but was in fact stealing the login credentials from users of the popular social network.
The app, called InstaAgent, which promised to tell you who was viewing your Instagram profile, has been removed from both the Apple App Store and Google's Play Store after a German developer investigated the app's code and found the people behind the app where secretly hiving off users unencrypted information, allowing them to log in to the users accounts and even upload images to those accounts.
The problem was discovered by iOS developer David Layer Reiss who found the app was sending the details to a remote server and he estimated that up to half a million people may have had their accounts compromised by the app. When asked if it had pulled the app from its App Store, Apple declined to comment, but the only people who could remove the app would be the developer or the iPhone maker.
I would say "Who Viewed Your Profile - InstaAgent" is the first malware in the iOS Appstore that is downloaded half a million times.
— David L-R (@PeppersoftDev) November 10, 2015
Instagram has responded by warning its users against using these types of apps: “These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user's accounts in an inappropriate way. We advise against installing third-party apps like these. Anyone who has downloaded this app should delete it and change their password,” an Instagram spokeperson told IBT in an emailed statement.
While the app has been removed, that doesn't help the thousands of users of the app who may already have had their accounts compromised with some users already reporting the people behind InstaAgent posting spam images on their accounts. Of course InstaAgent isn't able to show people who has been viewing their profiles, in the same way many Facebook scams claiming to be able to show you who is looking at your profile are not able to fulfill those promises.
InstaAgent was among the top apps in certain countries around the world, including the U.K. and Canada while on Google's Play Store, which is more prone to malware of this kind, it has been downloaded a similar number of times to Reiss's suggested infection rate.
Apple is increasingly having to deal with malware on its App Store and most recently had to remove a large number of malicious apps which were impacting Chinese users after developers used a modified version of coding tool Xcode to create their apps, inadvertently adding malicious code to the software.