Instagram-scam app has login credentials of 100,000 users

Instagram has been a teeming hub of scamming posts and services for long now. It has now emerged that one particularly recent scam...


Instagram has been a teeming hub of scamming posts and services for long now. It has now emerged that one particularly recent scam has tricked over 100,000 users into giving away their passwords.

Mashable has reported that the app called “Instlike” would trick users into sharing their usernames and passwords with the lucrative promise of gaining free likes and followers. Turns out, these users who willingly gave up their login credentials became part of a social botnet.

Instagram-scam app has login credentials of 100,000 users

The website is still around

 

A research security firm Symantec shared with Mashable showed that after acquiring passwords, Instlike would go around liking random images and following random users. It would also prompt users to buy virtual coins in order to get more followers and likes. What this would essentially do is add likes and followers to real accounts to keep the ecosystem going.

The app would pose as a free one, only to confront you with the option of paying for likes and followers later. Users were allocated 20 coins per day to users. One like would cost the user one coin and one follower cost 10 coins. Then, the app would rely on users wanting to hit more likes, offering them a chance to purchase more coins for $1. If you referred another user to Instlike, you would be given 50 coins.

An auto-like feature on the app sent out 500 likes to pictures with common hashtags, hoping to receive followers and likes in returns. Instlike offered premium daily services that you could buy for 20 coins and would let the account send out 1,500 likes and customise target hashtags. The service also encouraged users to add #instlike_com to their pictures, promising 20 free likes.

Essentially, the app structured a zombie army of accounts sending out likes and following each other without any real contact. What’s more scary is that this application, having been around on iOS and Android since June, now has a treasure trove of user information. Apple and Google managed to realise the potential threat that this app could pose and have removed it from their respective stores.

Symantec says that warning bells should have been set off when the app asked for username and password instead of using the Instagram API. However, the company suggests, you should change your Instagram password immediately if you have been using this application.