Instagram users have been the target of several new
credential stealing apps, appearing on Google Play as tools for either managing
or boosting the number of Instagram followers.
Under the detection name Android/Spy.Inazigram, 13
malicious applications were discovered in the official Google Play store. The
apps were phishing for Instagram credentials and sending them to a remote
server.
While they appear to have originated in Turkey,
some used English localization to target Instagram users worldwide. Altogether,
the malicious apps have been installed by up to 1.5 million users. Upon ESET’s
notification, all 13 apps were removed from the store.
Samples
|
Package Name
|
Installs
|
Hash
|
|
com.vavetech.superapp
|
100,000 - 500,000
|
84E2A528571CE26735CC6EFE2F20D024F67B6F4F
|
|
com.instatakipcibegeni
|
100,000 - 500,000
|
F956C5ECFDB9939E98A3FEDEA877E2DAF91DA0CF
|
|
takipcivebegeni.app
|
100,000 - 500,000
|
E278821B390C3DD589A8B62E2CCA73E4AAFEEA98
|
|
com.tr.takdrfsfaewewe
|
10,000 - 50,000
|
470B9B632F4B66487010725CA84BC4923BFE5898
|
|
com.tr.instracker
|
1,000 – 5,000
|
BA5E2937C57726CC8CCFCBA4034F02D6DD5BBC17
|
|
com.tr.nsgrfllowers
|
1,000 – 5,000
|
F32C674DBA78A748256991A7DBB2409FDA0CF302
|
No comments:
Post a Comment