Today I finally managed to decrypt the “suspect” network packet from the top-ranked iOS app “Who Cares With Me – InstaDetector”.
When I took a closer look at the iOS app, I found out that it steals the Instagram username and password and sends them encrypted to “unknown” servers. The “password-stealing” algorithm and the encryption seem to be the same as in “InstaCare – Who cares with me?”, a new iOS app from the “InstaAgent” developer, whose malicious behaviour I discovered a few days ago. A working PoC (proof of concept for the iOS version) can be found here. As I said, the apps (“InstaCare – Who cares with me?” and “Who Cares With Me – InstaDetector”) are very popular in a few countries and probably got millions of downloads. Apple should remove these malware apps from its App Store immediately! Millions of Instagram account credentials got stolen.