|
| |
| The app is capable of retrieving confidential details and upload it to remote server. | | |
|
|
|
Next time you decide to buy/download any third-party app from Google Play, make sure you choose the right version and not the Trojan-loaded app that are available on the app store.
A mobile software developer has converted the SwiftKey Android app into a counterfeit package, that comes loaded with a trojan, which is highly dangerous to use.
According to a theregister report, Georgie Casey, the developer, who created a modified version of SwiftKey using a tool called apktool, derived it from the basics of Android and Java.
|  |
The app called Keylogger SwiftKey APK, was released on his website and was clubbed with an explicit warning that it was to be used by interested parties to prove his theory. "Apktool isn't keylogging software, it's an Android app dissassembler," Casey was quoted as saying.
"You dissassemble a Swiftkey keyboard, code your keylogger code that sends keylogs to my server, re-assemble with Apktool and now you've a keylogger. You still have to convince people to install it though," he added.
According to Casey, any third-party app downloaded from the app store carries high level of risk and apart from Android, the threat is relevant for iPhone apps on a jail-broken phone also. "Cracked copies of PC and iPhone apps can have malware as well, of course, but on both those platforms most software is compiled to machine code," Casey writes.
The modified code is apparently capable of uploading any keystrokes entered by unaware users to a remote server. And apart from games, apps like SwiftKey also hold similar threat.
Google Play is being blamed for the problem as unofficial app stores in the developing world offer various third-party apps, that are easily available on such platform.
Aadeetya S, EFYTIMES News Network |
|
No comments:
Post a Comment