Malicious App ‘InstaAgent’ Sends Instagram Passwords to Unknown Server, Posts Spam in Users’ Feeds

InstaAgent, an app that connects to Instagram and promises to track the people that have visited a user’s Instagram account, appears to be storing the usernames and passwords of Instagram users, sending them to a suspicious remote server.

An app developer from Peppersoft downloaded InstaAgent – full name „Who Viewed Your Profile – InstaAgent“ – and discovered it’s reading Instagram account usernames and passwords, sending them via clear text to a remote server – instagram.zunamedia.com.

InstaAgent is also using the credentials to log into accounts and post unauthorized images. Instagram does not permit third-party apps to upload photos to user accounts.

While InstaAgent isn’t particularly popular in the United States, it is currently the number one free app in both the United Kingdom and Canada, with thousands of downloads that puts a huge number of Instagram users at risk of having their information stolen. In the Google Play store, the app had between 100k and 500k users, and the install numbers could be similar for iOS.

Google has removed the InstaAgent Android app from the Google Play store, but InstaAgent is still available in the iOS App Store for the time being. Anyone who has downloaded InstaAgent should delete the app immediately and change their Instagram password.

Passwords for other sites and accounts that were the same as the Instagram password should also be changed as a precaution. We also highly recommend a password management app like 1Password, which can generate unique complex passwords for each and every site or service. Instagram also advises against installing third-party apps that don’t follow its Community Guidelines.

There are dozens if not hundreds of third-party apps that promise to provide Instagram users with followers and other perks, and these kind of apps should be avoided. According to Instagram, these apps are „likely an attempt to use your account in an inappropriate way“ as InstaAgent does.

Tags: Instagram, InstaAgent
Discuss this article in our forums

Прочетете повече

Apple’s Culture of Secrecy Slowing its Artificial Intelligence Development

Apple’s strict adherence to an environment of secrecy and privacy in regards to its software and hardware development has been suggested as a major blow to the company’s potential for growth in the field of artificial intelligence. In a new article by Bloomberg, Apple was noted as a non-attendee at the Neural Information Processing Systems conference, an annual confluence of companies including Google and Microsoft where researches get together to discuss the progress and development of AI technologies.

In years past, Apple has attended the conference, but its emissaries were known to keep „a low profile“ during the proceedings. In the midst of a mass sharing and celebration of discoveries and findings in the world of AI, many remain unsure of the Cupertino company’s continued success in such departments if it remains attached to such strict secrecy rules. “They’re completely out of the loop,“ said Richard Zemel, a professor in the computer science department at the University of Toronto.

The biggest threat posed to Apple due to this level of secrecy, according to Trevor Darrell, managing director of a machine-learning research center at the University of California at Berkeley, is the barrier to entry it creates for graduate students fresh out of college. The stagnant environment and closed-off atmosphere inhibits the company’s employees from interacting with the rest of the scientific community, an issue that most potential hires may not be entirely comfortable with.

“There’s no way they can just observe and not be part of the community and take advantage of what is going on,” says Yoshua Bengio, a professor of computer science at the University of Montreal. “I believe if they don’t change their attitude, they will stay behind.”

“The really strong people don’t want to go into a closed environment where it’s all secret,” Bengio says. “The differentiating factors are, ‘Who are you going to be working with?’ ‘Am I going to stay a part of the scientific community?’ ‘How much freedom will I have?’”

Earlier in the month, Apple acquired two artificial intelligence-related start-ups: VocalIQ and Perceptio. VocalIQ’s natural language API hints at a more naturalistic version of Siri in the future, and even possible integration into the rumored Apple car project. Perceptio suggests the possibility of a more expansive and robust AI system for Apple, without the compromise of the company’s in-depth privacy policies that pull Siri back from services like Google Now and Microsoft’s Cortana.

All the same, Bloomberg‘s story suggests that despite Apple’s enthusiasm to innovate in the artificial intelligence sector, the company could continue to lag behind in certain departments – Apple Maps, for example – due to its stances on secrecy and privacy.

Tag: Siri
Discuss this article in our forums

Прочетете повече

PSA: Details on storage management issues in the latest Windows 10 Mobile build

The new Windows 10 Mobile build 10581 that was released today appears to be a solid upgrade, but it still has a strange storage management issue, and here’s what you need to know about it. Read more…

Прочетете повече

Millennials get opinions they care about in new iOS app

Millennials are a generation of “digital natives” with strong opinions and they’re losing interest in social media that only allows them to register a Like on posts. The creators of a new social media app called exacly.me believe they can give Millennials a platform for meaningful sharing with the honest self-expression that so defines them. […]

(via Cult of Mac – Tech and culture through an Apple lens)


Прочетете повече

Apple Lists Top 25 Apps Compromised by XcodeGhost Malware

Apple has updated its XcodeGhost FAQ on its Chinese website with a list of the top 25 most popular App Store apps that were compromised by the malware. The list includes some notable apps such as WeChat, Heroes of Order & Chaos and a localized version of Angry Birds 2.

Apple advises that users should update the affected apps to fix the issue, noting that if a listed app is available on the App Store right now, it has already been updated. Apps with an asterisk are currently not available on the App Store, but Apple says they should be updated very soon.

WeChat
DiDi Taxi
58 Classified – Job, Used Cars, Rent
Gaode Map – Driving and Public Transportation
Railroad 12306
Flush
China Unicom Customer Service (Official Version)*
CarrotFantasy 2: Daily Battle*
Miraculous Warmth
Call Me MT 2 – Multi-server version
Angry Birds 2 – Yifeng Li’s Favorite*
Baidu Music – Music Player with Downloads, Ringtones, Music Videos, Radio & Karaoke
DuoDuo Ringtone
NetEase Music – An Essential for Radio and Song Download
Foreign Harbor – The Hottest Platform for Oversea Shopping*
Battle of Freedom (The MOBA mobile game)
One Piece – Embark (Officially Authorized)*
Let’s Cook – Receipes
Heroes of Order & Chaos – Multiplayer Online Game*
Dark Dawn – Under the Icing City (the first mobile game sponsored by Fan BingBing)*
I Like Being With You*
Himalaya FM (Audio Book Community)
CarrotFantasy*
Flush HD
Encounter – Local Chatting Tool

Apple has been working to remove all apps compromised by XcodeGhost from the App Store, but some affected apps may remain available for download. Apple has also outlined steps for developers to validate Xcode and said it would alert users to let them know if they have downloaded apps that could have been compromised.

XcodeGhost is a new iOS malware that arose from malicious versions of Xcode, Apple’s official tool for developing iOS and OS X apps, downloaded by some developers in China. Chinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store.

MacRumors posted a detailed XcodeGhost FAQ over the weekend that explains more about the malware, who is affected and how to keep yourself protected, although Apple has downplayed the severity of XcodeGhost compared to what some security firms initially reported.

We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.

We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.

Chinese developers initially disclosed XcodeGhost on microblogging service Sina Weibo last Wednesday.



Прочетете повече