Turkish Instagram Password Stealers Found on Google Play

By on

McAfee’s mobile malware research team has found several Instagram password stealers on the Google Play store. (Google has since removed the apps.) These malware are distributed as utilities and tools for analyzing access and automating the following of Instagram accounts. The main targets of the malware are Turkish Instagram users.

The malware lead victims to a phishing website that steals Instagram account passwords using the WebView component. As we see in the following screenshots, the design of the login page is very simple, so it is difficult for users to appreciate the difference between legitimate and fake.


The victim’s credentials are sent to the malware author as plain text. If the network connection is monitored (as is possible on a free Wi-Fi network), the account name and password are open to unknown persons.


Victims’ personal information may leak if they use the same passwords on other websites and social network services. Malware authors will attempt to log into other web services using the stolen accounts and passwords.

Instagram’s popularity makes it a target for attackers. McAfee recommends you install mobile security and password-management software, and not trust applications downloaded from unknown sources. McAfee Mobile Security detects this threat as Android/InstaZuna and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit http://www.mcafeemobilesecurity.com.


Leave a Comment

Similar articles

Many of us use Bluetooth technology for its convenience and sharing capabilities. Whether you’re using wireless headphones or quickly Airdropping photos to your friend, Bluetooth has a variety of benefits that users take advantage of every day. But like many other technologies, Bluetooth isn’t immune to cyberattacks. According to Ars Technica, researchers have recently discovered ...
Read Blog

Analytics 101

By on
From today’s smart home applications to autonomous vehicles of the future, the efficiency of automated decision-making is becoming widely embraced. Sci-fi concepts such as “machine learning” and “artificial intelligence” have been realized; however, it is important to understand that these terms are not interchangeable but evolve in complexity and knowledge to drive better decisions. Distinguishing ...
Read Blog
A new banking trojan has emerged and is going after users’ Android devices. Dubbed Cerberus, this remote access trojan allows a distant attacker to take over an infected Android device, giving the attacker the ability to conduct overlay attacks, gain SMS control, and harvest the victim's contact list. What's more, the author of the Cerberus ...
Read Blog