A popular Instagram client – ‘InstaAgent’ was pulled from the Apple store by the tech giant after the application was found to ‘harvest’ account user names and passwords.
A Twitter user and iOS developer has uncovered a popular Instagram companion application that has found to steal users’ account credentials including usernames and passwords. ‘InstaAgent’ as it is dubbed advertises itself as a “Who Viewed Your Profile” data application.
According to Apple Insider, the developer dug into the application’s code to discover sensitive account information that was send without any encryption to a remote server, instagra.zunamedia.com. The nefarious harvesting tool has even been known to log in to an account on the user’s behalf to post photos onto the targeted user’s Instagram feed. Such hijacks are of course done without the user’s consent. The iOS developer also notes that the remote server receiving the unencrypted data is not connected or affiliated with Instagram’s official network in any capacity.
Another Instance of Malware in the App Store
It is important to note that InstaAgent was a wildly popular free application that often figured at the top end of most charts in a vast number of countries including Canada and the UK. The unfortunate reality of the discovery is that thousands, if not hundreds of thousands of Instagram users’ account credentials are now in the hands of the author behind a malicious application masquerading as a companion Instagram application.
Related Article: 2015: The Most Prolific Year for OS X Malware, Ever
The fact that the application managed to stay around for as long as it has after going through Apple’s stringent review process shows that Apple’s hard-to-infiltrate App Store is also being targeted by malicious operators, more than ever before. InstaAgent is a popular application, a cross-platform app at that and its Android variant was promptly removed from the Google Play store earlier today.
After years of little or no malware incidents, 2015 has proven Apple to be among the many consumer-technology companies to fall prey to agents of malware through malicious applications or malicious toolkits, the likes of XcodeGhost which led to the first major malware breakout in the Apple Store earlier this year. Altogether, 2015 is now the most prolific year for OS X malware ever.