
ESET discovers new Instagram credential stealers on Google Play

Researchers at ESET, a global leader in proactive cybersecurity, have discovered 13 new Instagram credential stealers on the Google Play store and provided greater insight into the motivations behind their fraudulent schemes.

Instagram users have recently been the target of several new credential stealing apps, appearing on Google Play as tools for either managing or boosting the number of Instagram followers.

Under the detection name Android/Spy.Inazigram, 13 malicious applications were discovered in the official Google Play store. The apps were phishing for Instagram credentials and sending them to a remote server.

While they appear to have originated in Turkey, some apps used English localization to target Instagram users worldwide. Altogether, the malicious apps have been installed by up to 1.5 million users. Upon ESET’s notification, all 13 apps have been removed from the store.

How do they operate?

All the applications employed the same technique of harvesting Instagram credentials and sending them to a remote server. To lure users into downloading, the apps promised to rapidly increase the number of followers, likes and comments on one’s Instagram account.

Ironically, the compromised accounts were used to raise follower counts of other users.

As shown in the following screenshot from our analysis of one of these apps, “Instagram Followers”, it requires the user to log in via an Instagram lookalike screen. The credentials entered into the form are then sent to the attackers’ server in plain text. After having entered the credentials, the user will find it impossible to log in, as explained in an “incorrect password” error screen.

The error screen also features a note suggesting the user visits Instagram’s official website and verifies their account in order to sign in to the third-party app. As the victims are notified about an unauthorized attempt to log in on their behalf and prompted to verify their account as soon as they open Instagram, the note aims to lower their suspicion in advance.
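
The behaviour described in this section, credentials from an Instagram-style login form posted to a server that is not Instagram's, can be checked for in traffic captured from an app under analysis. The following is an added example, not ESET's code: the record layout, field names, package names and hosts are assumptions constructed for illustration.

```python
import json
from urllib.parse import urlsplit, parse_qs

# Assumptions for this example (not from the article): the only host family a
# genuine Instagram login should reach, and common credential field names.
LEGIT_SUFFIX = "instagram.com"
USER_FIELDS = {"username", "user", "login", "email"}
PASS_FIELDS = {"password", "pass", "passwd", "pwd"}

def is_legitimate(host):
    """True for instagram.com and its subdomains, not for lookalike hosts."""
    host = host.lower().rstrip(".")
    return host == LEGIT_SUFFIX or host.endswith("." + LEGIT_SUFFIX)

def body_fields(content_type, body):
    """Lower-cased field names of a JSON or form-encoded request body."""
    if "json" in content_type:
        try:
            data = json.loads(body)
        except ValueError:
            return set()
        return {k.lower() for k in data} if isinstance(data, dict) else set()
    return {k.lower() for k in parse_qs(body, keep_blank_values=True)}

def find_credential_leaks(records):
    """Flag POSTs that carry a username and password off-site or over HTTP."""
    findings = []
    for rec in records:
        fields = body_fields(rec["content_type"], rec["body"])
        if rec["method"] != "POST" or not (fields & USER_FIELDS and fields & PASS_FIELDS):
            continue
        url = urlsplit(rec["url"])
        host = url.hostname or ""
        reasons = ["cleartext-transport"] if url.scheme == "http" else []
        if not is_legitimate(host):
            reasons.append("non-instagram-host")
        if reasons:
            findings.append((rec["app"], host, reasons))
    return findings

FORM = "application/x-www-form-urlencoded"
# Constructed sample traffic; package names, hosts and paths are invented.
SAMPLE = [
    {"app": "com.example.followers", "method": "POST", "content_type": FORM,
     "url": "http://collector.example/save", "body": "username=alice&password=s3cret"},
    {"app": "com.example.official", "method": "POST", "content_type": FORM,
     "url": "https://www.instagram.com/login", "body": "username=alice&password=s3cret"},
    {"app": "com.example.likes", "method": "POST", "content_type": "application/json",
     "url": "https://instagram.com.login.example/auth", "body": '{"user": "alice", "pwd": "s3cret"}'},
]
```

The suffix comparison in `is_legitimate` is what keeps a lookalike host such as `instagram.com.login.example` from passing as Instagram.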

10 March 2017 - Social Media & Influencer Marketing