InstaAgent app steals usernames and passwords from Instagram users

instagram_phone_pocket

An app that enables iPhone users to keep an eye on who has been looking at their Instagram account has been pulled from the App Store after it was found to be stealing usernames and passwords.

Apple took the decision to kill "Who Viewed Your Profile -- InstaAgent" when the app was found scraping login details and sending them back to the developer's server. This in itself is worrying for users, but it gets worse: the usernames and passwords were sent in unencrypted format.

The app was reasonably popular, managing to attract around half a million users. Delving into InstaAgent's code revealed that the app was really little more than password-harvesting malware. The incident will once again call into question the vetting process that apps go through before hitting the App Store.

The password-stealing was first spotted by Peppersoft developer David Layer-Reiss who tweeted about his findings:

With Apple having stripped InstaAgent from the App Store, it will no longer be possible for anyone to download it. If you already have it installed, however, the advice would be to uninstall it, and change your Instagram password immediately.

Photo credit: Yeamake / Shutterstock

5 Responses to InstaAgent app steals usernames and passwords from Instagram users

© 1998-2024 BetaNews, Inc. All Rights Reserved. Privacy Policy - Cookie Policy.