Password-Stealing Instagram App 'InstaAgent' Reappears in App Store Under New Name

by

Last November, a malicious app called InstaAgent was caught storing the usernames and passwords of Instagram users, sending them to a suspicious remote server. After the app's activities came to light, Apple removed it from the App Store, but it now appears Turker Bayram, the developer behind the app has managed to get two new apps approved by Apple, (and Google) both of which are stealing Instagram account info.

Peppersoft developer David L-R, who discovered the insidious password-sniffing feature in the first InstaAgent app, last week wrote a post outlining new password stealing apps created by Bayram. Called "Who Cares With Me - InstaDetector" and "InstaCare - Who Cares With Me," the apps are available on Android and iOS devices.

instacare
The original InstaAgent app attracted Instagram users by promising to track the people who visited their Instagram account, and the two new apps make similar promises. Both apps say they display a list of users who interact most often with an Instagram account, asking users to log in with an Instagram username and password.

David L-R investigated Bayram's new apps and discovered a suspicious HTTPS packet, leading him to uncover a complex encryption process used to covertly send usernames and passwords to a third-party server and hide the evidence. He found both the Android and iOS versions of the app send Instagram account information to unknown servers.

As I had a closer look to the iOS app I found out that the app steals the Instagram password & username to send it encrypted to "unknown" servers. The "password-stealing" algorithm and the encryption seems to be the same as in "InstaCare - Who cares with me?" a new iOS app from the "InstaAgent" developer, which malicious behaviour I discovered a few days ago. A working PoC (Proof of concept for the iOS version) can be found here.

Multiple reviews on the iOS App Store claim that after using the malicious Instagram apps, their accounts were compromised with spam photos advertising the app that were uploaded to their feeds. As with InstaAgent, the apps show up prominently in the Top Charts in some countries, though not in the United States.

appstorereviews
Bayram's ability to get multiple new apps approved by Apple after having been found guilty of harvesting Instagram account information speaks towards the glaring issues in Apple's app review policies. It is unclear how a developer who was caught operating a malicious app was able to get additional apps past Apple's radar.

There are dozens if not hundreds of low-quality third-party apps that promise to provide Instagram users with followers and other perks, which should be avoided to avoid having account information stolen. Instagram cautions against installing third-party apps that don't follow its Community Guidelines and says such apps are "likely attempts to use your account in an inappropriate way."

(Thanks, Şizofrenik!)

Tags: App Store, Instagram

Popular Stories

2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, iPads, Macs, and More

Thursday November 6, 2025 11:12 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the U.S., according to its website. Maximum values for most devices either decreased or saw no change, but the iPad Air received a slight bump. ...
Read Full Article71 comments
Liquid Glass General Feature

Apple Shares Liquid Glass Design Gallery

Thursday November 6, 2025 2:45 pm PST by
Apple is promoting the new Liquid Glass design in iOS 26, showing off the ways that third-party developers are embracing the aesthetic in their apps. On its developer website, Apple is featuring a visual gallery that demonstrates how "teams of all sizes" are creating Liquid Glass experiences. The gallery features examples of Liquid Glass in apps for iPhone, iPad, Apple Watch, and Mac. Apple...
Read Full Article116 comments
iOS 26

iOS 26.1 Available Now With These 8 New Features

Monday November 3, 2025 5:54 am PST by
Following more than a month of beta testing, Apple released iOS 26.1 on Monday, November 3. The update includes a handful of new features and changes, including the ability to adjust the look of Liquid Glass and more. Below, we outline iOS 26.1's key new features. Liquid Glass Toggle iOS 26.1 lets you choose your preferred look for Liquid Glass. In the Settings app, under Display...
Read Full Article
airtag purple

Apple's Website Lists AirTag 4-Pack at Shockingly Low Price [Updated]

Friday November 7, 2025 6:40 am PST by
Apple's online store in the U.S. is suddenly offering a pack of four AirTags for just $29, which is the same price as a single AirTag. This is likely a pricing error, and it is unclear if orders will be fulfilled. Apple has not discounted the AirTag four-pack in any other countries that we checked. Delivery estimates are already pushing into late November to early December, suggesting...
Read Full Article94 comments
Finder Siri Feature

Apple's New Siri Will Be Powered By Google Gemini

Wednesday November 5, 2025 11:57 am PST by
The smarter, more capable version of Siri that Apple is developing will be powered by Google Gemini, reports Bloomberg. Apple will pay Google approximately $1 billion per year for a 1.2 trillion parameter artificial intelligence model that was developed by Google. For context, parameters are a measure of how a model understands and responds to queries. More parameters generally means more...
Read Full Article368 comments
apple watch se 3 always on

Apple to Remove iPhone-Apple Watch Wi-Fi Sync in EU With iOS 26.2

Thursday November 6, 2025 4:37 am PST by
Apple in iOS 26.2 will disable automatic Wi-Fi network syncing between iPhone and Apple Watch in the European Union to comply with the bloc's regulations, suggests a new report. Normally, when an iPhone connects to a new Wi-Fi network, it automatically shares the network credentials with the paired Apple Watch. This allows the watch to connect to the same network independently – for...
Read Full Article217 comments
ikea smart home devices

IKEA Debuts 21 HomeKit-Compatible Smart Bulbs, Sensors, and Controls

Thursday November 6, 2025 4:08 pm PST by
IKEA today announced the upcoming launch of 21 new Matter-compatible smart home products that will be able to interface with HomeKit and the Apple Home app. There are sensors, lights, and control options, all of which will be reasonably priced. Some of the products are new, while some are updates to existing lines that IKEA previously offered. There are a series of new smart bulbs that are...
Read Full Article74 comments
apple tv logo physical

New Apple TV Intro Was Made With Practical Effects

Thursday November 6, 2025 7:02 am PST by
The all-new intro sequence for Apple TV was made with practical effects and shot in-camera, Ad Age reports. Rather than using digital techniques, the new sequence was made by shooting large glass versions of the Apple TV logo, with physical motion and changing lighting used to create effects. Apple partnered with TBWA\Media Arts Lab to create the intro. Ad Age released an exclusive look...
Read Full Article116 comments
Home Hub Command Center with Dome Base Feature

Apple's 2026 Smart Home Revamp: All the Rumors

Wednesday November 5, 2025 3:54 pm PST by
It's been over a decade since Apple's HomeKit smart home platform launched, and it is overdue for an update. HomeKit and the Home app can no longer keep up with AI-powered solutions from other companies like Google and Amazon, but that's set to change with a smart home revamp that Apple has planned for 2026. Home Hub Apple is working on a home hub or "command center" that will serve as a...
Read Full Article56 comments

Top Rated Comments

japanime Avatar
japanime
126 months ago
Why doesn't Apple pursue criminal charges against these "developers"?
Score: 23 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
126 months ago
Revoke their accounts and certificates.
Score: 20 Votes (Like | Disagree)
macs4nw Avatar
macs4nw
126 months ago
How the hell did Apple approve these Apps knowing what they did about Bayram?
Score: 14 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
126 months ago
Fool Apple once - shame on them
Fool Apple twice - shame on Apple for not sending them to the white room prison the first time
Score: 11 Votes (Like | Disagree)
thisisnotmyname Avatar
thisisnotmyname
126 months ago
I can see the app review process being a daunting one given the volume Apple sees in App Store but it is disturbing that this type of thing gets through once let alone repeatedly.
Score: 10 Votes (Like | Disagree)
garirry Avatar
garirry
126 months ago
Honestly, I think there's starting to be a lack of quality control from Apple. Not trying to scold them or anything, but it's been multiple times in fairly short intervals that a malicious app like this appeared on the store.
Score: 10 Votes (Like | Disagree)
Read All Comments