InstaAgent, the Instagram client that topped free-downloads in 15 countries, carried malware that distributed Apple users’ passwords and photos.
Half a million Apple customers were exposed before the issue was discovered.
InstaAgent allowed users see who views their Instagram profile. When installed, it asked for Instagram usernames and passwords.
Developers at German company Peppersoft discovered login credentials were being stored UNENCRYPTED in the app and uploaded to a third party server.
The news broke Tuesday when German app company Peppersoft found issues with InstaAgent code. The client has since been pulled from Google Play and the AppStore.
The InstaAgent debacle comes a month after Apple had to kill 100’s of Apps it was selling over malware breaches caused by compromised developer tool kit.
READ MORE: Malware infects hundreds of apps in Apple’s official store