One of the best 3rd party Android Mobile Keyboard called 'SwiftKey' turned into a Keylogger Trojan by an Android developer to show the possible security threat of using pirated cracked apps from from non-official App Stores, "anyone pirating Swiftkey is taking a serious risk" developer said to 'The Hacker News'.
He demonstrated how to inject a Keylogger snippets of code into a legitimate Android Keyboard application that infected a mobile device with Trojan, connected with a remote server and transmitted data from the device inducing your all key logs.
"Cracked copies of PC and iPhone apps can have malware as well of course but on both those platforms most software is compiled to machine code. Android apps are coded in Java and compiled to byte code that is run on the Dalvik VM and this byte code is not that hard to edit and insert back into an APK." he explained.
He developed a keylogger from SwiftKey(APK Download), a malicious Java program designed to collect and send all key logs to a remote server (Check Keylogs) Along with the host IP address. He explained the complete code also on his blog.
Android malware is growing at a far more rapid pace than for other mobile platforms. For a Cyber Criminals, it is not important to develop their own malware program from scratch, Reversing ready-mate apps and inserting malware code can easily make their job more easy.
Users really need to think about permissions and consider what the app is asking to do, and to be careful where they are downloading apps from.