back to article Instagram phishing apps pulled from Google Play

Security researchers have discovered 13 new Instagram credential-stealing apps on Google Play. The malicious apps, which pose as tools for either managing or boosting Instagram follower numbers, are actually designed to phish for Instagram credentials. The stolen credentials allow hackers to abuse compromised accounts in order …

  1. Lamont Cranston

    "in order to distribute spam and ads"

    [unflattering comparison to existing social networks here]

  2. Semtex451 Silver badge
    Gimp

    Forgive my ignorance, (I'm a fanboi) but why does it always take security researchers to discover this stuff in the Playshop or whatever?

    Is it really a self-policed freeforall?

    1. JCDenton

      Yes

      Last I heard, Google scans apps in a VM, similar method that anti virus software uses. In other words...NOT effective. Not sure, but I vaguely remember Apple runs the software on some big iPhone server thing, very closely simulating an actual iPhone. Not sure of the specifics, of course.

      So to summarize...Yes. It is a big 'ole self-policed free-for-all storm of crap. Google really needs to fix it, it makes their platform a complete mess.

    2. TheVogon Silver badge

      "Forgive my ignorance, (I'm a fanboi) but why does it always take security researchers to discover this stuff in the Playshop or whatever?"

      To be fair on Google, it's probably quite tough to vet this particular issue automatically. There are numerous valid reasons to store credentials as part of an application, and making sure the application doesn't forward them would likely be next to impossible, as many applications will require the real password forwarded rather than just a hash....

    3. Anonymous Coward
      Anonymous Coward

      They aren't researchers, they are sellers. Their aim is to scare you into buying their product. Their get-out is weasel words like "upto" and "possible", "potential" and all sorts of other crap.

  3. RyokuMas Silver badge
    Facepalm

    Afraid so...

    Google's too busy finding flaws in competitor products to get it's own house in order...

  4. Terry 6 Silver badge

    A mire

    Idiots wanting to get fake "likes" falling for crooks with fake apps.

  5. Anonymous Coward
    Anonymous Coward

    I'm enjoying sitting in my walled garden

    Listening to the howling and crying from the unhappy cheapskates living in the badlands outside.

    1. 's water music Silver badge

      Re: I'm enjoying sitting in my walled garden

      Mind your head on that bridge though

      :-)

      1. Terry 6 Silver badge

        Re: I'm enjoying sitting in my walled garden

        it's not the bridge that's the problem. Watch out for the big goat.

  6. Speltier
    Black Helicopters

    Clear Text

    So... just send the stolen credentials encrypted as a comment to another Instagram account so that there isn't obvious suspicion? Oh, that applies to the other 900 phishy apps developed by less lazy crooks.

  7. MatsSvensson

    I F hate companies that try to get me to install their shitty app.

    If you cant build a proper website, you probably cant build a usefull app either,

    so F right off.

  8. Bucky 2

    W.C. Fields

    This sounds like it fits into the "You Can't Cheat an Honest Man" category.

    Under the few circumstances where you might legitimately be interested in complete strangers looking at your Instagram photos, how would an app help?

    It sounds like scammers targeting spammers to me. And I have no problem with that.

  9. Longlive

    Oh, following boosters. Let Instagram do anything to ghosts. Certainly I can use https://spamguardapp.com/dashboard to clean my profile, but I think Instagram has to do it instead of me, am not I right?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019