Instagram is one of those social media platforms that almost everyone has an account on nowadays. Since being acquired by Facebook nearly eight years ago, the social network has become a paradise of viral information that people all over the world pass around at every waking hour. Everyone shares something with the goal of going viral and being noticed by their peers, and unlike Twitter and Facebook, there is not a lot of drama going on. The bad news is that IG is being tested in its vulnerable spots again by a very unhealthy practice of stealing accounts using something called “The Nasty List”, an Instagram login information stealer that is a headache to deal with.

The Nasty List – What You Need To Know

The Nasty List as an event started to be registered in the first days of May of the current year. It was brought to attention by a Reddit user nicknamed “Molecularwolf.” He stated that he had issues with his Instagram account after being notified by a relative that he was part of the Nasty List. Since the user was approached by someone he trusts via his direct messages, he proceeded to click on the link, only to get his login information stolen by malware linked in the message.

The goal of this scam is still unclear. So far it seems the ones behind it are hoarding IG accounts for the hell of it. It’s also unclear who user zero was, the one who started this scam campaign, but it self-replicates real quick since the virus seems to ride compromised accounts to send more direct messages to your followers. Since they are receiving a DM from someone they know (meaning: you), they are most likely to express surprise at being on an Instagram Nasty List.

This is the newest trick for hacking an Instagram account, and one we have never seen before. Other known methods are explained in Taia Global’s blog post, and the one that requires the use of “Instagram Password Finder” software is something we already discussed in one of our earlier posts.

If you want to take some preventive measures against this, you can find most examples of the Nasty List messages at Bleeping Computer. The formats seem to be pretty standard jargon, but you can quickly identify them if you are aware of your contacts’ mannerisms when they talk to you. Most messages start with something like “OMG your here at number 47” or “WOW! You’re listed on here!!! You’re ranked 89.” What all the messages seem to have in common is the inclusion of a link to the Nasty List as well as a reason why you are on it. If you keep following the links, you will land on a fake Instagram login page.
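The two tells described above (ranking-style lure wording plus a link that does not lead to Instagram) can be checked mechanically. The following is an added example, not code from the article or from Instagram; the function names, the trusted-host list and the `.example` domains in the comments are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Assumption: the only hosts treated as genuine are instagram.com and its subdomains.
TRUSTED_SUFFIXES = ("instagram.com",)

# Heuristic lure wording modelled on the two sample messages quoted in the article.
LURE_RE = re.compile(r"\b(?:ranked|number)\s+#?\d{1,3}\b|\bnasty\s+list\b", re.I)
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.I)


def is_trusted_host(url: str) -> bool:
    """True only if the URL's real hostname is instagram.com or a subdomain of it.

    urlsplit() separates userinfo from the host, so a constructed lookalike such as
    https://instagram.com@nasty-list.example/ resolves to nasty-list.example, and
    instagram.com.login.example fails the suffix test because the match must sit on
    a dot boundary at the end of the hostname.
    """
    try:
        host = (urlsplit(url).hostname or "").lower().rstrip(".")
    except ValueError:  # malformed URL: fail closed
        return False
    return any(host == s or host.endswith("." + s) for s in TRUSTED_SUFFIXES)


def score_message(text: str) -> dict:
    """Flag a DM that pairs ranking-style wording with a link off Instagram."""
    untrusted = [u for u in URL_RE.findall(text) if not is_trusted_host(u)]
    lure = bool(LURE_RE.search(text))
    return {
        "lure_wording": lure,
        "untrusted_links": untrusted,
        "suspicious": lure and bool(untrusted),
    }


if __name__ == "__main__":
    # Constructed sample messages; the domains are placeholders, not real indicators.
    samples = [
        "WOW! You're listed on here!!! You're ranked 89. https://nasty-list.example/top",
        "OMG your here at number 47 https://instagram.com.login.example/accounts/login/",
        "Look at this reel https://www.instagram.com/reel/abc/",
    ]
    for s in samples:
        print(score_message(s)["suspicious"], "|", s)
```

The same `is_trusted_host` check applies to the address bar of any page asking for Instagram credentials: if the hostname does not end in `instagram.com` on a dot boundary, the login form is not Instagram's.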

What Happens If You Keep Clicking?

If you don’t catch the fake URL on the login page, you are in for a world of trouble. Most people fall for it because they want to see why they are on the list in the first place. Your information will be stolen, and you will lose access to your Instagram account. So far the people behind this only show interest in spreading the “Nasty List” for as long as they can, so all your contacts will receive the same message as you and fall for it too unless they know how to avoid it. If this has an ultimate goal, it remains to be seen. So far, educated minds seem to think that the sole purpose behind this is to run a massive spamming campaign or distribute malware on the platform.

What Should You Do If You Clicked on the Nasty List Link?

Unfortunately, you can’t do much about it other than follow the conventional protocols to recover your account. If you notice that something is off right there, you can change your password real quick to save your account. But if you have let time run by, the hacker will have had the time to change the information related to your account, such as the email address and the phone number associated with it. If all the information of your account has been changed, you need to follow the protocol to regain access to a hacked Instagram account detailed on their official password reset page.