UP TO 100,000 particularly gullible users of food and cat picture sharing website Instagram were tricked into sharing credentials through an app promising things that were quite clearly ridiculous.
Instlike, which was at one stage number 22 in the Utilities section of the Apple App Store, automatically started liking random photographs from random accounts, claiming to acquire likes as it went. Moreover, although free to download, it even included in-app purchases to accelerate the process at users' expense.
"We don't steal your account," claimed the app, which had nearly half a million downloads in the Google Play Store before being scuppered. However, "we don't steal your account" actually meant, "We will add you to our botnet."
This brazen phishing scam is a clear demonstration that smartphone users are treating the app store as a guarantee of a safe environment, and that not all developers are as good as their word when it comes to promises of integrity.
But most of all it demonstrates that users still aren't getting the message that if it sounds too good to be true, it probably is. The promise of followers without having to work for them is one of the oldest in the social media book, and the brazenness of this attack shows that it is still a very effective one, with the number of downloads being on a par with many successful game franchises.
The opportunism shown is in line with the recent spate of fake BlackBerry Messenger (BBM) apps that appeared after the delay of the Android BBM app.
All users who have downloaded the app are being advised to remove it immediately and change their passwords, lest their pictures of a particularly satisfying lunch they ate last week be accessible to the villainous scoundrels behind Instlike. µ