The threat has been called Android/InstaZune and it basically disguises itself as an official Instagram app that leads unsuspecting users to a phishing website — after which it will ask you to enter your username and password. Unfortunately for the victims, that information is then sent directly to the hackers who built the app.
It may not be a big deal if someone gains access to only your Instagram account, but a real problem can arise if you use the same login credentials for other websites — such as Facebook, Google, or even your online banking.
“The victim’s credentials are sent to the malware author as plain text. If the network connection is monitored (as is possible on a free Wi-Fi network), the account name and password are open to unknown persons,” according to a McAfee blog.
There is an easy way to ensure you don’t fall into the trap — only download the official Instagram app. When in doubt, before downloading an app check the developer — if it’s the official Instagram app, the developer will be labeled as Instagram.
Thankfully, it seems as though the offending apps have been removed by Google, but phishing apps like this tend to pop up pretty often, so it’s important to continue being careful which apps you download. Never download apps that look suspicious and if possible, create new login credentials for each service, so that if you are hacked you can easily change a password and keep your digital life secure.
