Using tricks to sidestep the app store’s restrictions, malware operators pillaged passwords, keystrokes, and other data.