FakeInsta

High-level Description

Year: 2019
Blog: https://blog.malwarebytes.com/cybercrime/2019/04/instagram-password-stealing-apps-found-on-google-play/

This malware application opens a fake instagram login page to phish social account credentials from the user. On launch of the application, the sample opens a web page to the user. The user logs into the web page, and once the page finishes, the credentials are checked in bytecode to ensure the format is correct before leaking it to the malware developers server.

Signature

The image of the signature can be downloaded here for closer inspection.