He demonstrated
how to inject a Keylogger snippets of code into a legitimate Android
Keyboard application that infected a mobile device with Trojan,
connected with a remote server and transmitted data from the
device inducing your all key logs.
"Cracked copies of PC and iPhone apps can have malware as well of
course but on both those platforms most software is compiled to machine
code. Android apps are coded in Java and compiled to byte code that is
run on the Dalvik VM and this byte code is not that hard to edit and
insert back into an APK." he explained.
He developed a keylogger from SwiftKey(APK Download), a malicious Java program designed to collect and send all key logs to a remote server. Along with the host IP address.
Android malware is growing at a far more rapid pace than for other
mobile platforms. For a Cyber Criminals, it is not important to develop
their own malware program from scratch, Reversing ready-mate apps
and inserting malware code can easily make their job more easy.
Users really need to think about permissions and consider what the app
is asking to do, and to be careful where they are downloading apps from.
No comments:
Post a Comment