Security researchers have discovered a number of malicious apps on the Google Play store that are designed to illicitly obtain a victim’s Instagram login information.
Posing as tools for acquiring more Instagram followers, the apps were actually designed to phish for passwords and usernames for Instagram accounts, allowing criminals to gain control of those accounts to promote spammy websites.
Security firm ESET reports that the dangerous apps – 13 in total – have been downloaded over 1.5 million times. They also report that since alerting Google of the discovery, all the apps have now been removed.
Users with Android phones are always advised to install apps from Google’s “trusted” Play Store and not from third party websites since Google vet apps to ensure they’re legitimate. However, this is another demonstration that Google’s Play store can’t be trusted completely.
The malicious apps all promised Android users they could boost their Instagram followers. When installed on a phone, the app would ask the user to enter their username and password into a login screen. However the login screen would then send that information to the developers of the malicious apps.
Sponsored Content. Continued below...
Remember to keep your mobile phones safe. Even if an app is on the Google Play store, it may not be safe. So remember to be cautious of suspicious sounding apps and be wary of apps with little or no user feedback.
Also consider enabling two factor authentication for your Instagram account. That way, even if the criminals do obtain your Instagram password, they would still need an additional layer of security to access your account, most commonly a PIN sent to your phone through SMS.
Thanks for reading, we hope this article helped, but before you leave us for greener pastures, please help us out.
We're hoping to be totally ad-free by 2025 - after all, no one likes online adverts, and all they do is get in the way and slow everything down. But of course we still have fees and costs to pay, so please, please consider becoming a Facebook supporter! It costs only 0.99p (~$1.30) a month (you can stop at any time) and ensures we can still keep posting Cybersecurity themed content to help keep our communities safe and scam-free. You can subscribe here
Remember, we're active on social media - so follow us on Facebook, Bluesky, Instagram and X