Ranking free app InstaAgent stole Instagram passwords
Apple today has pulled a popular Instagram client from the App Store after it was found to be harvesting usernames and passwords.
The app in question, called Who Viewed Your Profile – InstaAgent and developed by Turker Bayram, purported to analyze users’ profiles so as to show who viewed them.
The foul intentions of Who Viewed Your Profile – InstaAgent (that’s the app’s full name) were discovered by Peppersoft developer David Layer-Reiss, who shared his findings on Twitter.
Google responded quickly to the revelation, removing the app from its Play Store, but Apple took a little longer to kill any mention of InstaAgent from the App Store, finally removing it a few hours after the first tweets indicated its malicious intentions.
Apple and Google recently found that a really famous Instagram app was stealing users’ passwords and posting images of users without permission. But it is not usually possible for such apps to work, since the same social networks don’t share that data with third-party apps either. Apple eventually wiped the store and then hosted official copies of Xcode on Chinese servers to speed up download times, which was the main reason developers in the country had turned to illegitimate versions of the software.
It’s rather worrying that InstaAgent made it through the review process, but even more so that InstaAgent was nearly unscrutinised as one of the top apps for so long. Also, if you are using the similar Instagram password for other accounts, it is recommended you change them as well.
The app is now gone, but hundreds of thousands of Instagram accounts are already compromised.