Skip to main content

Developer behind malware app InstaAgent says there’s nothing to worry about

Instagram Explore
Denys Prykhodov / Shutterstock
If you’re one of the thousands of people with an app named Who Viewed Your Profile – InstaAgent installed on your smartphone, stop using it and delete it right now. Why? Because it’s stealing your password, transferring it to a server, and then posting images on your Instagram account suggesting others should also download the app.

Updated on 11-12-2015 by Andy Boxall: Added in statement on InstaAgent supplied by the developer.

The app is a third-party Instagram client that promised to tell you who visited your Instagram account, something it could only attempt to do once you’d handed over your username and password. This function was never carried out, and seemingly the app’s sole intention was to steal Instagram logins. It has since been removed from both stores.

Developer responds to hack allegations

Following the removal of InstaAgent, the developer posted a statement online on the situation, apologizing to its users. The explanation is in broken English, but claims no accounts were stolen, and passwords were never saved on the developer’s server. “There is nothing wrong, but again and and again we apologize,” it’s written. It appears the app was developed and released with a “debug” mode active, where a photo advertising the app was posted to Instagram without authorization. This was originally a feature, and sharing the image an alternative to paying for a complete list of users visiting an Instagram account, something the app actually couldn’t offer anyway.

Was it all a mistake? A security consultant speaking to the BBC says, “Offering users an app to see who has viewed their profile is a classic way of scamming users into installing malware.” Despite the developer’s apology and explanation, the consultant says InstaAgent’s methods of collecting and sending passwords was “highly unorthodox.” The published statement doesn’t offer any explanation regarding the sending and storing of login details.

The developers behind InstaAgent say the debacle is “good training.” The team promises it will read privacy policies more carefully, and apps will be “controlled and fully tested before publishing” next time. The question is, would you want to download another app from them?

How it all started

InstaAgent’s activity was spotted by a developer who tweeted that in his estimation, it’s the first piece of iOS malware to be downloaded at least 500,000 times. The app held the number one position in the free UK and Canadian iTunes App Store chart, and was available in the Google Play Store for Android phones, where download numbers also hit the half million mark.

What to do if you installed the app

If you have the app on your phone, uninstall it now and as a precaution, change the password to your Instagram account. The developer responsible for bringing attention to the app’s secret noted it sent the account information collected to a mysterious server, so there’s a chance any logins may be stored and used again. We’d also suggest checking your Instagram feed for any photos you didn’t post.

Using third-party apps to upload photos to Instagram is against the site’s rules, along with attempts to gain likes and followers. The app in question isn’t the only one of its type for iOS and Android, and although none of the others have been exposed as malware yet, there’s always a risk attached to handing over login credentials to unofficial apps that offer services outlawed under a site’s rules.

Andy Boxall
Andy is a Senior Writer at Digital Trends, where he concentrates on mobile technology, a subject he has written about for…
These 80+ apps could be running adware on your iPhone or Android device
Illustration of an infected iPhone

Cybersecurity company Human has uncovered another adware campaign engaging in ad fraud that is targeting iOS and Android devices. In the simplest terms, ad fraud allows a bad actor to either visibly spam an app with ads, or to manipulate the code in such a way that the ads are invisible to the user while the bad actor extracts advertising money from a marketer.

In each iteration, it’s fraudulent. Ad fraud has been widespread in the industry for a while, and the latest investigation uncovered a cache of over 75 Android apps listed in the Google Play Store and nearly a dozen apps on Apple’s App Store that are engaged in various forms of ad fraud.

Read more
The best note-taking apps for iOS and Android
best note-taking apps 2

Taking notes with your phone or tablet is a convenient way of staying organized. You can use your device to create to-do lists, keep track of important appointments, or even take notes during classes and meetings.

Apps like Bear, SimpleNote, Quip, and others allow you to write, draw, share your notes, and add files to your notes. Choosing the right app to take notes on the go will ensure you never fail to record anything important. We've picked some of the best note-taking apps available.
Evernote

Read more
The best guitar-learning apps for Android and iOS
Woman playing the guitar

Learning guitar has never been easier. In the past, you would have needed to hire a guitar teacher and buy music books to start learning how to play, but now, the explosion in guitar apps and free online content means that you can learn guitar without breaking the bank. There are a wealth of excellent guitar apps available for the beginner guitarist, as well as specific guitar learning apps to help you get started.

This article runs through eight of the best guitar apps for beginners on Android and iOS. It includes everything from the best guitar learning apps to guitar apps that every self-respecting guitarist should have on their phones. Regardless of your level, you'll find something here to improve your playing.
Justin Guitar Beginner Lessons

Read more