Peppersoft

#1 ranked app from the iOS AppStore is a password-stealing malware.

Home  >>  Uncategorized  >>  #1 ranked app from the iOS AppStore is a password-stealing malware.

#1 ranked app from the iOS AppStore is a password-stealing malware.

On March 21, 2016, Posted by , In Uncategorized, With 1 Comment

Today I finally managed it to decrypt the  “suspect” network packed from the top ranked iOS app “Who Cares With Me – InstaDetector“.

IMG_2180IMG_2179iosPacket

As I had a closer look to the iOS app I found out that the app steals the Instagram password&username to send it encrypted to “unknown” servers. The “password-stealing” algorithm and the encryption seems to be the same as in “InstaCare – Who cares with me?” a new iOS app from the “InstaAgent” developer, which malicious behaviour I discovered a few days ago. A working PoC (Proof of concept for the iOS version) can be found here. As I said the apps (InstaCare – Who cares with me? and Who Cares With Me – InstaDetector )  are very popular in a few countries, they got probably millions of downloads, Apple should remove these malware apps immediately from his AppStore! Millions of Instgramm account credentials got stolen.

One Comment so far:

  1. Jesper says:

    Hi, Not only for iOS. For Android you can find here a long-read about the problems with those apps. (in dutch) https://www.droidapp.nl/nieuws/pas-op-who-viewed-me-on-instagram-apps-hacken-account/

Leave a Reply

Your email address will not be published. Required fields are marked *