WARNING: Fake Instagram app steals user login information

Intel’s Security researchers discovered several apps dedicated to stealing Instagram login credentials on Google Play Store.


Here are a few tips to avoid getting hacked:

1.    Change your passwords regularly or make it difficult to crack. Use symbols, numbers, and uppercase letters. If possible, make your email and social media logins unique from each other.

2.    Only download apps from trusted sites. 

3.    Don’t let other people use your phone especially when you are not confident with the person.

4.   Before downloading any apps, do your research to know its credibility and the legitimacy of its developer.

5.    Get an antivirus software and regularly scan for viruses.

6.    Check the app’s privacy policy and app permissions. Know what phone functions or information it needs to use.

7.   Read app reviews. Some apps have fake reviews, too! Make some time to read a bunch when you are in doubt.

8.   Ask your family and friends about the app and get their feedback.

9.   Ask yourself whether you really need the app or not. Don’t just search and click.


If you are social media savvy and you have almost all the social networking apps on your Android devices, you can be one of the victims of this hacking scheme.

Intel’s Security researchers have recently uncovered a number of apps on Google Play Store that steal Instagram passwords. This malware has been called Android/InstaZune, an app that disguises as the official Instagram app and eventually deceives users to go to a phishing website.

The website will ask unsuspecting users to enter their username or email and password, then, the hacking begins. The user’s credentials will be sent to the developers of that certain app.

This system is so subtle that no one would ever think it’s a bait. Victims don’t usually find out until they lose access to their Instagram account. It’s like handing over your login information openly to the hackers.

For some, it may not be a big deal especially if you are using different logins for your email and social media accounts. But for those who don’t, this could be a huge problem as it could lead to a much bigger problem such as identity theft. It can even go worse if you are using those logins for a more personal use like online banking or online shopping.

SEE ALSO: Pangilinan wants Facebook penalized for spread of fake news; Trillanes wants the same

As stated in a McAfee security blog, “The victim’s credentials are sent to the malware author as plain text. If the network connection is monitored (as is possible on a free Wi-Fi network), the account name and password are open to unknown persons”.

The easiest way to make sure that you don’t fall into the trap is to download the official Instagram app. If you feel there is something suspicious with the app you are looking at, check the developer name before downloading. The official Instagram app developer is labeled as Instagram.

Fortunately, some of these fraud apps have been removed by Google, but phishing apps like this tend to appear often. Always be vigilant even just when downloading apps to your Android phone.


Like it? Share with your friends!