Hacked: Hacking Finance

InstaAgent = InstaTheft – Google and Apple Move to Rid Instagram Malware

Introduction

P. H. Madore

P. H. Madore

P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and is currently nearing the completion of a cryptocurrency exchange in concert with the firm he primarily works for, Vermont Secure Computing Consultancy.


LATEST POSTS

ICO Analysis: Much Ado About OneGram 21st May, 2017

ICO Analysis: Monaco 19th May, 2017

Breaches

InstaAgent = InstaTheft – Google and Apple Move to Rid Instagram Malware

Posted on .

InstaAgent was an app in both the Apple App Store and the Google Play Store which claimed to show the user who was looking at their Instagram profile.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

Never underestimate the vanity of millennials, since as many as half a million installed the app. It rose on the charts near Candy Crush levels. The developer was making money through in-app purchases, selling people information about the top viewers on their profile and so forth.

However, at the same time the app most likely had no idea who was actually viewing Instagram profiles, it was stealing credentials and transmitting them back to a remote server, as iOS developer David Layer-Reiss is credited with discovering. Despite unreliable metrics, one website shows the app having reached the top spot in 15 countries, a truly incredible feat for something that has less real utility than a fart prank app. Speaking to the BBC, Instagram said of the debacle:

These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user’s accounts in an inappropriate way. We advise against installing third-party apps like these. Anyone who has downloaded this app should delete it and change their password.

To be fair, Instagram has also encouraged users not to use apps which did not present any harm, such as the one that allowed users to upload from the desktop, called Uploader for Instagram, earlier this year. The company said the app, which allowed the user to upload photos from the desktop simply by using a context menu on Finder, violated its policies. It moved with legal action on creator Caleb Benn, and the app is currently no longer available on the App Store.

Anyone who installed the InstaAgent application can assume that their account has been compromised. They should probably reset their account passwords. Hopefully, none of these hundreds of thousands of users were using passwords that might work on other major sites, but such a hope would most likely be in vain, as that practice is still somewhat common.

It was perhaps more surprising that Apple’s gatekeepers let the InstaAgent application through, as they have historically had much tighter control on what sorts of applications users have to pick from. It also remains unclear whether the InstaAgent creator will reap the rewards of his creation through the in-app purchases people were making.

Hacking of the kind that was conducted, stealing user names and passwords, can be punished pretty severely under the Computer Fraud and Abuse Act, but the government could take years to penalize the creator, if they did so at all. If nothing else, most users have a lawsuit against – somebody. Be it Google, Apple, or the creator himself, someone has to account for this software being offered in an apparently legitimate repository and then ripping off their login details.

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

DON'T MISS OUT

P. H. Madore

P. H. Madore

http://phm.link

P. H. Madore lives in Arkansas with his wife and children. He has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and is currently nearing the completion of a cryptocurrency exchange in concert with the firm he primarily works for, Vermont Secure Computing Consultancy.

There are no comments.

View Comments (0) ...
Navigation
Fitness bracelets and Apple Watches are passé. Tattoos that shine…