Skip to main content
  1. Home
  2. Mobile
  3. News

Fake Android Instagram apps have been stealing login credentials from users

By

fake android instagram apps stories
Image used with permission by copyright holder
It looks like there is another Android malware in the works. If you’re in Instagram user, you may want to take heed, as Intel’s Security researchers have discovered a number of apps dedicated to stealing Instagram passwords on the Google Play Store.

The threat has been called Android/InstaZune and it basically disguises itself as an official Instagram app that leads unsuspecting users to a phishing website — after which it will ask you to enter your username and password. Unfortunately for the victims, that information is then sent directly to the hackers who built the app.

Recommended Videos

It may not be a big deal if someone gains access to only your Instagram account, but a real problem can arise if you use the same login credentials for other websites — such as Facebook, Google, or even your online banking.

Related

“The victim’s credentials are sent to the malware author as plain text. If the network connection is monitored (as is possible on a free Wi-Fi network), the account name and password are open to unknown persons,” according to a McAfee blog.

There is an easy way to ensure you don’t fall into the trap — only download the official Instagram app. When in doubt, before downloading an app check the developer — if it’s the official Instagram app, the developer will be labeled as Instagram.

Thankfully, it seems as though the offending apps have been removed by Google, but phishing apps like this tend to pop up pretty often, so it’s important to continue being careful which apps you download. Never download apps that look suspicious and if possible, create new login credentials for each service, so that if you are hacked you can easily change a password and keep your digital life secure.

Editors’ Recommendations

Topics
Christian de Looper
Christian de Looper
Contributor
Christian de Looper is a long-time freelance writer who has covered every facet of the consumer tech and electric vehicle…
Google is launching a powerful new AI app for your Android phone
Google Gemini app on Android.

Remember Bard, Google’s answer to ChatGPT? Well, it is now officially called Gemini. Also, all those fancy AI features that previously went by the name Duet AI have been folded under the Gemini branding. In case you haven’t been following up all the AI development flood, the name is derived from the multi-modal large language model of the same name.

To go with the renaming efforts, Google has launched a standalone Gemini app on Android. Moreover, the Gemini experience is also being made available to iPhone users within the Google app on iOS. But wait, there’s more.

Read more
If you have one of these apps on your Android phone, delete it immediately
The app drawer on the Google Pixel 8 Pro.

The NSO Group raised security alarms this week, and once again, it’s the devastatingly powerful Pegasus malware that was deployed in Jordan to spy on journalists and activists. While that’s a high-profile case that entailed Apple filing a lawsuit against NSO Group, there’s a whole world of seemingly innocuous Android apps that are harvesting sensitive data from an average person’s phone.
The security experts at ESET have spotted at least 12 Android apps, most of which are disguised as chat apps, that actually plant a Trojan on the phone and then steal details such as call logs and messages, remotely gain control of the camera, and even extract chat details from end-to-end encrypted platforms such as WhatsApp.
The apps in question are YohooTalk, TikTalk, Privee Talk, MeetMe, Nidus, GlowChat, Let’s Chat, Quick Chat, Rafaqat, Chit Chat, Hello Chat, and Wave Chat. Needless to say, if you have any of these apps installed on your devices, delete them immediately.
Notably, six of these apps were available on the Google Play Store, raising the risk stakes as users flock here, putting their faith in the security protocols put in place by Google. A remote access trojan (RAT) named Vajra Spy is at the center of these app's espionage activities.

A chat app doing serious damage

Read more
You should probably stay away from the Instagram Wrapped app
Render of the Wrapped for Instagram app on an iPhone.

I’ll keep it simple. Stay away from the Wrapped for Instagram trend. The app has been making rounds in the App Store’s top bracket for the past few days, and the premise is a little too lucrative to ignore in the first place.

You may see your friends online showing off their Wrapped stats, but before you go and join in the "fun" for yourself, please consider the following first.
What is the Wrapped for Instagram app?

Read more