These 'Instagram apps' promise free followers but steal your account info instead

A phone screen showing the Instagram app and the Instagram logo
(Image credit: Shutterstock)

Building a bigger following on social media is enough of a lure that hundreds of Instagram users have already been tricked into giving up their account credentials to cybercriminals.

As the Meta-owned platform has become increasingly popular, users have begun looking for ways to increase their follower numbers and in turn, boost their popularity. According to a new blog post from McAfee though, Instagram’s large user base has not gone unnoticed by cybercriminals who have created a new Android malware disguised as an app that can increase a user’s followers and likes.

There are a number of similar apps that can easily be found with a quick online search. However, as these kinds of apps go against Instagram’s terms of service, they all need to be sideloaded since they aren’t available on the Google Play Store or other official app stores. This also means that they are not vetted and can contain malware, trojans or other viruses.

InstaFollower app

InstaFollower App

(Image credit: McAfee)

The app analyzed by McAfee’s Mobile Research Team is called InstaFollower and it promises “free and hassle-free instagram followers and instragram likes” through 4,500 daily follower and 4,000 daily like credits. The researchers observed that after showing an advertisement, the app immediately shows a malicious website. InstaFollower tries to bypass Android antivirus apps by performing malicious activities on the website’s backend as opposed to doing so within the app itself.

According to the malicious website, it says that transactions are carried out using Instagram’s own API system with your username and password. InstaFollower then claims that it is secure since it uses user credentials via Instagram’s official server and not through its own remote server. Minutes after installing and using the app though, McAfee’s researchers received abnormal login attempts from Turkey coming from a smartphone in the country.

The way that InstaFollow is able to deliver on its promise of free followers and likes is by using the credentials from those using the app to boost the social media following of others that have installed it. Essentially, everyone who uses the app has a relationship with one another and all of the credentials obtained from it are used in the malware creator’s database.

Spread via Telegram and YouTube

InstaFollower and the malware it contains is currently being promoted on both Telegram and YouTube according to McAfee.

While several Telegram channels are promoting YouTube videos that discuss how to use InstaFollower and similar apps to increase your followers and likes, the videos themselves contain actual links to the malware in question.

During their investigation, McAfee’s researchers found a video from a famous YouTuber with over 190,000 subscribers promoting the malicious app. In the video’s comments section, several users complained about having their Instagram account credentials stolen and said that their secondary account passwords had been changed as well.

It appears that English, Portuguese and Hindi-speaking users are the most affected by this scam. While Hindi was the most common and videos in that language had over 100 views, the famous YouTuber’s video already has more than 2,400 views. During its investigation, McAfee’s test account gained 400 followers in one day which means that at least 400 users have sent their Instagram credentials to the malware author so far.

How to grow your Instagram audience organically

Instagram logo on iPhone with Instagram website in background.

(Image credit: Wichayada Suwanachun | Shutterstock)

Installing any third-party Instagram app comes with the risk that your account can be banned or worse, your credentials can be stolen. This is why you shouldn’t rely on apps or services to boost your follower count and likes and should instead do the work to grow your audience on the platform organically.

First off, you should work on optimizing your Instagram account according to a blog post form Sprout Social. This entails filling out your bio completely and adding a link to your website if you have one, adding captions to your images and using a proper username and profile picture.

To grow your following, you can also schedule Instagram posts in advance so that you don’t miss any of the peak times to post throughout the day. Likewise, showcasing your Instagram on your other social media accounts can help you grow your followers and likes. When it comes to making memorable posts, Sprout Social suggests pairing eye-catching visuals with captions that can help start a conversation on the platform.

Finally, there’s a huge difference between an account having fake and legitimate followers. As such, it’s worth going through your account and weeding out any fake followers to add legitimacy to your Instagram.

Anthony Spadafora
Senior Editor Security and Networking

Anthony Spadafora is the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to password managers and the best way to cover your whole home or business with Wi-Fi. Before joining the team, he wrote for ITProPortal while living in Korea and later for TechRadar Pro after moving back to the US. Based in Houston, Texas, when he’s not writing Anthony can be found tinkering with PCs and game consoles, managing cables and upgrading his smart home.