Are you curious about who viewed your profile on Instagram?

This is probably the most frequently asked question nowadays, and there are several applications available on the Google Play Store and Apple App Store that claim to offer you the opportunity to see who is looking at your Instagram profile.

But, should we believe them?

Is there really any way to know who viewed your Instagram profile?

The short answer to all these questions is 'NO'; such functionality does not exist on Instagram at the moment.

But, thousands of users still have hope and hackers are taking advantage of this to target a broad audience.

Recently, security researchers have discovered malicious applications targeting Instagram users on the Android Google Play Store as well as the iOS App Store, and the apps are entirely a hoax.
The iOS app is named "InstaCare - Who cares with me?" and is one of the top apps in Germany, while the Android app is dubbed "Who Viewed Me on Instagram" and has more than 100,000 downloads and 20,000 reviews.

Both the apps are developed by Turker Bayram – the same developer who created the malicious "InstaAgent" app for the Android and iOS platforms late last year that secretly stole users' Instagram credentials.

The recent applications by Bayram also have the same functionality, luring Instagram users into believing that the app would let them know who viewed their profile. The app claims to:

  • Show you up to most recent 100 lists for your Instagram profile.
  • Display your friend list in order, who cares your profile most with your profile interaction.

But in reality…

The malicious apps abuse the authentication process used to connect to Instagram and steal users' Instagram usernames and passwords, according to a blog post published by David Layer-Reiss from Peppersoft.

Since third-party applications use an API to authenticate themselves with legitimate apps, users generally provide the same credentials to authenticate with different applications and services.

Here's How an App Can Hack Your Instagram Accounts

Today, it is quite easy for hackers to target a large audience: just abuse the name of a popular application and offer users an option beyond what the legitimate one provides.

Users will simply provide their critical data, including their credentials, without knowing the actual consequences.

Once users install 'InstaCare' or 'Who Viewed Me on Instagram' on their iOS or Android device, they are immediately served a login window that forces victims to log in with their Instagram credentials.

Since the apps advertise themselves as showing you who viewed your Instagram profile, most users fall victim to the apps and enter their account credentials without a second thought.

The usernames and passwords are then encrypted and sent to the attacker's server. The attacker will then use those credentials later to secretly log on, take full control of the hacked Instagram accounts, and post spam on the user's behalf.

Security researchers from Kaspersky Labs also confirmed David's findings. You can refer to Kaspersky's blog post for more technical details on the malicious apps.

At the time of writing, neither Apple nor Google has removed the malicious apps from their official app stores, which means that the malicious apps are still available to users for download.
It's not at all surprising that the app stores are surrounded by a number of malicious apps that may catch users' attention and lead them to fall victim to one.

But, the fact that both Apple and Google got fooled again by the same developer shows how hard it is to keep an eye on a developer who already published a malicious app and to manage the app stores in a secure manner.

Here's How to Protect Yourself

If you've already installed one of these apps and have now seen the error of your ways, remove the culprit from your apps list too.

So if you have already fallen victim to this scam, hurry up!
  • Uninstall the apps mentioned above from your smartphone if you have one of them installed.
  • Change your Instagram password immediately.
  • For better security, enable two-factor authentication on your Instagram account.
