AppStore not so safe? Instagram client shares 500k user passwords
InstaAgent, the Instagram client that topped free-downloads in 15 countries, carried malware that distributed Apple users’ passwords and photos.
Half a million Apple customers were exposed before the issue was discovered.
I would say "Who Viewed Your Profile - InstaAgent" is the first malware in the iOS Appstore that is downloaded half a million times.
— David L-R (@PeppersoftDev) November 10, 2015InstaAgent allowed users see who views their Instagram profile. When installed, it asked for Instagram usernames and passwords.
#InstaAgent is only able to post a image in your #Instagram account because they got your account password!
#hackedpic.twitter.com/0vD1OJBY9l
— David L-R (@PeppersoftDev) November 10, 2015Developers at German company Peppersoft discovered login credentials were being stored UNENCRYPTED in the app and uploaded to a third party server.
@PeppersoftDev you were quoted by @TheNextWebhttps://t.co/OMqxwiaK0n
— Recite News (@ReciteNews) November 11, 2015The news broke Tuesday when German app company Peppersoft found issues with InstaAgent code. The client has since been pulled from Google Play and the AppStore.
The InstaAgent debacle comes a month after Apple had to kill 100’s of Apps it was selling over malware breaches caused by compromised developer tool kit.
READ MORE: Malware infects hundreds of apps in Apple’s official store
