<p>Google and Apple have removed a malicious third-party Instagram app that stole passwords -- but only after it had become a top-grossing app in the App Store and gained over 100,000 users from Google Play. The app claimed to tell users who viewed their profile. But InstaAgent would then use those credentials to access accounts and post images in Instagram profiles promoting the app. Before Google pulled down the app, it had been downloaded as many as 500,000 times from Google Play. According to analytics firm AppAnnie, there were two InstaAgent apps on the App Store. The first, 'Who Viewed Your Profile - InstaAgent', has been removed. A second app, called just 'InstaAgent', ensures Instagram links from Twitter open in the Instagram app rather than Safari. This second app hasn't been removed and does not appear to be linked to the malicious app, which made its App Store debut on October 10.</p>