Recently, a malicious application called “InstaCare – Who cares with me” was released via the Google Play Store and the App Store. The application serves as a hook to lure Instagram users by pretending to show them who has viewed their profile; in reality it abuses the authentication process used to connect to Instagram. It steals your Instagram password and gains access to your profile.
This app displays your friend list in order of who cares about your profile most, based on your profile interactions. It can show you a list of up to the 100 most recent entries for your Instagram profile.
It’s common for applications to use APIs or authorization protocols such as OAuth to authenticate with third-party applications. This is very convenient for users, as they can use the same credentials to authenticate with different applications and services. The problem is that this feature can be used maliciously by some applications to gain access to the user’s information, such as their profile and contacts, or to steal their credentials.
Last week the InstaAgent developer “Turker Bayram” released a new app in the Android and iOS app stores, after his (malicious) app “InstaAgent” was pulled by Apple and Google from their app stores. It was astonishing that Apple and Google didn’t take a closer look at his new application. One would assume that a developer who has already published a malicious app would be watched more closely. His new app is called “Who Viewed Me on Instagram” (Android version, 50K – 100K downloads) and “InstaCare – Who cares with me?” (iOS version, top grossing app in Germany, category: Entertainment). The app promises the same functionality as InstaAgent.