Turkish Instagram Password Stealers Found on Google Play

By on Jan 12, 2017

McAfee’s mobile malware research team has found several Instagram password stealers on the Google Play store. (Google has since removed the apps.) These malware are distributed as utilities and tools for analyzing access and automating the following of Instagram accounts. The main targets of the malware are Turkish Instagram users.

The malware lead victims to a phishing website that steals Instagram account passwords using the WebView component. As we see in the following screenshots, the design of the login page is very simple, so it is difficult for users to appreciate the difference between legitimate and fake.


The victim’s credentials are sent to the malware author as plain text. If the network connection is monitored (as is possible on a free Wi-Fi network), the account name and password are open to unknown persons.


Victims’ personal information may leak if they use the same passwords on other websites and social network services. Malware authors will attempt to log into other web services using the stolen accounts and passwords.

Instagram’s popularity makes it a target for attackers. McAfee recommends you install mobile security and password-management software, and not trust applications downloaded from unknown sources. McAfee Mobile Security detects this threat as Android/InstaZuna and alerts mobile users if it is present, while protecting them from any data loss. For more information about McAfee Mobile Security, visit http://www.mcafeemobilesecurity.com.


About the Author

Yukihiro Okutomi

Yukihiro Okutomi, Senior Mobile Malware Researcher, specializes in mobile malware research, analysis and detection. He is based in Tokyo, Japan, and keeps watching mobile threats in Japan in addition to world-wide mobile threats.

Read more posts from Yukihiro Okutomi

Similar Blogs

Subscribe to McAfee Securing Tomorrow Blogs