Third-party Instagram app pulled after stealing passwords

12 Nov 2015 | Author: | No comments yet »

Google and Apple try to keep malware out of their app stores. But they don’t always succeed..

Google and Apple just removed a popular third-party Instagram app from their online stores after reports surfaced that the app was stealing usernames and passwords and then using the ill-gotten credentials to post spam to Instagram accounts without permission.But a sneaky third-party app that promised users it would tell them who had been viewing their profile turned out to be a password-stealing ploy by hackers. “These types of third-party apps violate our platform guidelines and are likely an attempt to get access to a user’s accounts in an inappropriate way,” an Instagram spokesperson told Mirror Online.

The malicious nature of the app, marketed as “Who Viewed Your Profile – InstaAgent” on iOS and “Who View Me – InstaAgent” on Android, was first pointed out Tuesday on Twitter by a developer named David Layer-Reiss. But by the time they were taken down, the Android version had received between 100,000 and 500,000 downloads, and the iOS version was reported to have made the top download charts in several countries. Apple has long reviewed all programs submitted to the App Store — sometimes to the chagrin of developers, who complain about lengthy wait times before approval.

The company is pretty quiet about what the actual review process entails, but it is thought to contain both manual and automated elements and is focused on making sure that apps “operate as described and don’t contain obvious bugs or other problems.” And so far, its approach seems fairly effective — despite occasional proofs of concept malware slipping through over the years, and an incident in September when malicious apps made with counterfeit copies of Apple’s development software were removed. According to Cybersecurity firm Pulse Secure’s 2015 Mobile Threat Report, Apple’s mobile operating system is “almost completely out of the equation for mobile malware development” due to those factors. But it wasn’t until March of this year that the company announced that all apps were being reviewed before they were published in Google Play, its app marketplace. “This new process involves a team of experts who are responsible for identifying violations of our developer policies earlier in the app lifecycle,” Eunice Kim, product manager for Google Play, wrote in a blog post about the change, which was quietly rolled out several months before it was made public. The process also includes automated elements. “Google’s systems use machine learning to see patterns and make connections that humans would not,” the company’s latest annual report on Android security explained.

Google said it analyzes “millions of data points, asset nodes, and relationship graphs to build a high-precision security-detection system.” At the time the report was published, the company said over 25,000 apps were updated to remove potential security issues due to warnings its automated systems delivered to developers. However, malicious apps still seem to show up within Google Play fairly often. “This is just one of probably thousands of malware that aren’t caught,” said Tyler Shields, a principal mobile security analyst at Forrester Research.

Here you can write a commentary on the recording "Third-party Instagram app pulled after stealing passwords".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site