According to RSA, while Zbot is typically used to fraudulently obtain users’ passwords, the variant in question appears to check the availability of user names on Instagram, for the purposes of creating fake accounts that can be sold to users or businesses looking to boost their follower counts.
Most of the accounts that are made available for sale do not represent actual users, and, much like with Twitter, they are used to distribute spam, according to RSA, which added that the fake accounts typically include an actual word, followed by four or more random characters, suggesting that they are computer-generated.
The malware also likes photos on other Instagram users’ accounts, RSA reported. For a detailed explanation on how the Zbot Trojan works, please see the security firm’s blog post.
Readers: Have you ever encountered any suspicious accounts on Instagram?
Screenshots courtesy of RSA. Warning image courtesy of Shutterstock.