nav search
Data Center Software Security Transformation DevOps Business Personal Tech Science Emergent Tech Bootnotes BOFH

back to article
Instagram phishing apps pulled from Google Play

"in order to distribute spam and ads"

[unflattering comparison to existing social networks here]

4
0
Gimp

Forgive my ignorance, (I'm a fanboi) but why does it always take security researchers to discover this stuff in the Playshop or whatever?

Is it really a self-policed freeforall?

3
0

Yes

Last I heard, Google scans apps in a VM, similar method that anti virus software uses. In other words...NOT effective. Not sure, but I vaguely remember Apple runs the software on some big iPhone server thing, very closely simulating an actual iPhone. Not sure of the specifics, of course.

So to summarize...Yes. It is a big 'ole self-policed free-for-all storm of crap. Google really needs to fix it, it makes their platform a complete mess.

3
0
Silver badge

"Forgive my ignorance, (I'm a fanboi) but why does it always take security researchers to discover this stuff in the Playshop or whatever?"

To be fair on Google, it's probably quite tough to vet this particular issue automatically. There are numerous valid reasons to store credentials as part of an application, and making sure the application doesn't forward them would likely be next to impossible, as many applications will require the real password forwarded rather than just a hash....

0
0
Anonymous Coward

They aren't researchers, they are sellers. Their aim is to scare you into buying their product. Their get-out is weasel words like "upto" and "possible", "potential" and all sorts of other crap.

1
3
Silver badge
Facepalm

Afraid so...

Google's too busy finding flaws in competitor products to get it's own house in order...

6
0
Silver badge

A mire

Idiots wanting to get fake "likes" falling for crooks with fake apps.

4
0
Anonymous Coward

I'm enjoying sitting in my walled garden

Listening to the howling and crying from the unhappy cheapskates living in the badlands outside.

1
1
Silver badge

Re: I'm enjoying sitting in my walled garden

Mind your head on that bridge though

:-)

3
0
Silver badge

Re: I'm enjoying sitting in my walled garden

it's not the bridge that's the problem. Watch out for the big goat.

0
0
Black Helicopters

Clear Text

So... just send the stolen credentials encrypted as a comment to another Instagram account so that there isn't obvious suspicion? Oh, that applies to the other 900 phishy apps developed by less lazy crooks.

0
0

I F hate companies that try to get me to install their shitty app.

If you cant build a proper website, you probably cant build a usefull app either,

so F right off.

2
0
Bronze badge

W.C. Fields

This sounds like it fits into the "You Can't Cheat an Honest Man" category.

Under the few circumstances where you might legitimately be interested in complete strangers looking at your Instagram photos, how would an app help?

It sounds like scammers targeting spammers to me. And I have no problem with that.

1
0

Oh, following boosters. Let Instagram do anything to ghosts. Certainly I can use https://spamguardapp.com/dashboard to clean my profile, but I think Instagram has to do it instead of me, am not I right?

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

The Register - Independent news and views for the tech community. Part of Situation Publishing