The Instagram Virus: What It Is and How to Remove It

5 ways hackers invade your space on Instagram

The Ultimate Guide to Instagram
The Ultimate Guide to Instagram
Introduction

Instagram might seem like a fun, harmless social network where you can keep up with all your friends, celebs on Instagram, and favorite brands. But there's a nasty Instagram virus that could be hiding in some of the posts and messages you're seeing, just waiting to hijack your account.

What Is the Instagram Virus?

The "Instagram virus" is a broad term used to describe a range of malware viruses/phishing scams that have surfaced on the popular social network. These viruses spread by hacking accounts and leading followers to spoof web pages from links that appear in fake profile bio sections or in posts throughout the feed.

While lots of people refer to this as a virus, this isn't a virus as commonly defined. It's more of a phishing attack that is trying to trick you into giving up your login information.

A conceptual illustration of an Instagram virus.
Lifewire / Theresa Chiechi

How Does the Instagram Virus Work?

The most common variations of the Instagram virus have nicknames that have spread across the web to help warn everyone. Here are five of the top Instagram viruses you should know about.

The Ugly List

The Ugly List involves a hacked account tagging their friends in a post with a comment telling them that they've been included in some kind of list of ugly people. The tagged comment might read "omg ur account is ranked #26," or "hey u made the ugly list lol."

In the notification that a tagged user receives, there's a link included to see the full post. Once a user taps on the link, they're taken to what appears to be a login page, which asks for their Instagram account details to see the Ugly List.

After their details have been entered, their account can then be hacked to post the same ugly list image. Their friends are then tagged in it and just like a domino effect, the virus spreads.

The Nasty List

The Nasty List is a variation of the Ugly List, which basically works the exact same way, except it typically uses direct messages instead of tagged notifications to target victims.

A user receives a direct message from a hacked account telling them that they've been ranked on some kind of list of Instagram accounts that rate their attractiveness. In the comment, a user's account handle is included, which is highlighted in blue and therefore clickable (such as @TheNastyList_99 or @Official_NasytList354).

Once the tagged user taps to click on the user's account handle, they're taken to the corresponding profile. At the very least, it will include a generic profile photo, a link in the website section and a description in the bio instructing the user to find out where they've been ranked.

The link leads to a fake Instagram login page where the virus scam artists can hack obtain login details and hack those accounts.

The Hot List

The Hot List virus is almost identical to The Nasty List virus. The only real difference is that it tricks victims into thinking they've been ranked in some list of attractive users as opposed to a list of unattractive users. The goal is the same — to get innocent victims to hand over their login details.

Who Viewed Your Instagram Profile

There have been several bogus third-party apps appearing on the App Store and the Google Play Store that claim to let you see a list of Instagram users who've viewed your profile. Instagram, however, doesn't make this information available for privacy reasons, so any app that claims to do so is absolutely lying.

These apps ask you to enter your Instagram login details so they can eventually hijack your account.

Ray-Ban Sunglasses

Popular sunglasses brand Ray-Ban was used to launch a widespread Instagram virus in mid 2019 where hacked accounts would post promotional images of hugely discounted products that were up to 70, 80 or 90% off. There was also a sketchy web address that was featured on the post.

The web address included on the post led to a phishing website where innocent victims were tricked into handing over their Instagram login details and potentially other personal information.

How Do I Know I Have the Instagram Virus?

If you suddenly find new posts or details changed on your Instagram account, you probably have the virus. The same is true if you try to log into your Instagram account and your login details don't work. The reason your login credentials don't work is because when you were tricked into signing in, the folks who tricked you immediately changed your password.

How Did I Get the Instagram Virus?

You probably clicked on a link on Instagram, which led to a spoof page that was designed to look like a legitimate Instagram login page. If you entered your Instagram login details into the site, the hackers used them to hack your account.

Even just clicking on any of these links without entering any login details can put you at risk of infecting your device with malware, other compromised accounts and additional spam.

How Do I Get Rid of the Instagram Virus?

If you notice suspicious activity on your Instagram account and still have access to it, you need to change your password immediately. Go to your profile > menu > Settings > Security > Password to change your password.

Always try to make a strong password for your social media accounts. You should also enable two-factor authentication from the Security tab if you haven't already.

If you can't get into your Instagram account, you need to follow Instagram's Hacked Accounts Help page to take the necessary steps to regain access to your account.

Regardless of whether you do or don't have access to your Instagram account, you should also revoke access to any suspicious third-party sites or apps by selecting Apps and Websites from the Security tab and scan your device for malware with antivirus software.

How Can I Avoid Getting the Instagram Virus?

The Instagram virus was created to trick people in the sneakiest ways possible, so spotting the signs before it's too late is crucial. Follow these tips:

  • Never click or tap on a link too quickly. If you're not sure, Google the main address (website.com, .net. .org, etc.) of the link to check that it's reputable.
  • If anyone tags you or messages you about being included in some kind of "list," don't seek it out.
  • Beware of profiles with no posts, but include bio descriptions urging you to visit their website.
  • Avoid installing any third-party apps that claim to tell you who's looked at your profile.
  • If you suspect a friend's account has been hacked, contact them and tell them to follow Instagram's Hacked Accounts Help page.