iOS
Android
Threat Summary
Malware
November 17, 2015

InstaAgent: What It Is and What You Can Do About It

Person holding smartphone with Instagram login on display.

Recently, news broke about a concerning app called InstaAgent. The app connects to the victim’s Instagram account and sends the user’s login credentials unencrypted to its servers. Here’s what we know about the threat.

What is it?

InstaAgent, found by researcher Peppersoft, promised Instagram users that it would show them who viewed their profiles, but instead, it sent the person’s Instagram login credentials in plain text, or unencrypted, back to its servers. The app was available in both the Google Play Store as well as the Apple App Store and may have been downloaded over 500,000 times. “Plain text” transmission is concerning as someone eavesdropping on the app’s communications to its serves could theoretically see the passwords while they are in transit.

Instagram itself was not breached, however individuals’ Instagram accounts could be breached if someone found and used these passwords.

How bad is it?

We believe people should be aware of the threat and remove the app from their device.

One of the biggest problems with leaked credentials is that many people share their passwords across accounts. Oftentimes, when these credentials fall in the wrong hands, that bad actor checks those credentials across a myriad of websites to see what she can access. You want to ensure that you have different and complex passwords for any sensitive accounts.

Am I protected?

Lookout users, including both individuals and enterprises, are protected and will be alerted if InstaAgent is present on their device.

Individual Lookout users running Android or iOS 8 and below are fully protected. However, due to limitations in iOS 9, Lookout is not able to alert those individuals of this threat.

Enterprises using Lookout Mobile Threat Protection are fully protected across iOS and Android and will be alerted if InstaAgent is present on employee devices.

What else should I do?

If you have InstaAgent, look for the icon on your device.

Delete the application and immediately change your Instagram password. If you used your Instagram password across multiple accounts, you should change those passwords immediately as well.

In general, you should always do thorough research on any third-parties before allowing them access to your personal accounts. Reading developer reviews is a good place to start.

Authors

Lookout

Endpoint Security
Platform(s) Affected
iOS
Platform(s) Affected
Android
Entry Type
Threat Summary
Threat Type
Malware
Platform(s) Affected
iOS
Android
Threat Summary
Malware

Related Content

CVE-2025-31200-31201 Update

CISA recently added guidance to CVE-2025-31200, a memory corruption issue, and CVE-2025-31201, an arbitrary read and write issue.

Read Threat Article

CVE-2025-24201 on iOS

CISA recently provided guidance for CVE-2025-24201, an out-of-bounds write issue in WebKit. There has been evidence of active exploitation of this CVE.

Read Threat Article

Lookout Discovers New Spyware by North Korean APT37

Lookout researchers have discovered a novel Android surveillance tool dubbed KoSpy. It is attributed to APT 37 aka ScarCruft.

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell