iPhone Users at Risk: Malicious Keyboards Bypass Apple Security

A recent report highlights a potential threat to iPhone users as malicious keyboards, capable of evading Apple’s stringent security checks, are reportedly being used to spy on user activity. While Apple rigorously checks apps distributed through the App Store, these third-party keyboards find their way onto iPhones through alternative channels meant for developers to test their apps on iOS. Once installed, these keyboards discreetly collect sensitive user data, including messages, passwords, browsing history, bank credentials, and other typed text on the phone.

Security firm Certo Software warns that hackers are distributing third-party keyboards as a form of ‘stalkerware,’ referring to spyware apps or services used to monitor and stalk individuals online. While distributing such malicious apps through the App Store is challenging due to Apple’s pre-publication scans, hackers have reportedly turned to TestFlight for distribution.

TestFlight, an online platform by Apple, allows developers to invite individuals to test unreleased software or run beta tests before publishing on the App Store. According to Certo Software, hackers exploit this platform to distribute malicious third-party keyboards to unsuspecting iPhone users, including partners, friends, or family members.

Upon installation, the malicious keyboard requires a setting to be enabled on the target’s iPhone that allows third-party keyboards to collect user data. By default, iOS restricts any keyboard from accessing the internet. Once granted this permission, the keyboard can transmit all collected keystrokes, including chat messages, passwords, notes, browsing history, OTP codes, bank credentials, and more.

Certo Software shares a screenshot revealing the striking resemblance of the malicious keyboard to Apple’s default keyboard, making it challenging for users to identify such apps on their smartphones. Stalkers can access the captured data through a web portal.

The security firm suggests that Apple could enhance user awareness by implementing a notification system, similar to WhatsApp’s new login alert, notifying users when a new keyboard is installed.

Users can protect themselves by checking installed keyboards in Settings > General > Keyboard > Keyboards. Recognizing any unfamiliar keyboards and promptly deleting them can prevent potential threats. Additionally, users should watch for unauthorized software and seek support if they suspect they are being targeted by stalkerware on their devices. Changing device passcodes ensures exclusive access to the phone, enhancing overall security.
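For someone reviewing app bundles rather than tapping through Settings, the same keyboard check can be run against the `Info.plist` of each app extension. This is an added example, not code from the Certo report: it relies on Apple's documented extension keys (`NSExtensionPointIdentifier` set to `com.apple.keyboard-service`, and `RequestsOpenAccess` for the full-access request that lifts the default network restriction), and the bundle identifiers and sample plists are constructed.

```python
import plistlib

KEYBOARD_POINT = "com.apple.keyboard-service"  # extension point used by custom keyboards

def audit_extension(info):
    """Return a finding for a keyboard extension, or None for any other extension."""
    ext = info.get("NSExtension", {})
    if ext.get("NSExtensionPointIdentifier") != KEYBOARD_POINT:
        return None
    attrs = ext.get("NSExtensionAttributes", {})
    return {
        "bundle_id": info.get("CFBundleIdentifier", "<unknown>"),
        "name": info.get("CFBundleDisplayName", "<unnamed>"),
        # True: the keyboard asks for full access, so it can reach the network
        "full_access": attrs.get("RequestsOpenAccess") is True,
    }

def audit_plists(raw_plists):
    """Parse raw Info.plist bytes (XML or binary) and list keyboard extensions,
    full-access ones first. Unparseable files are surfaced for manual review."""
    findings = []
    for raw in raw_plists:
        try:
            finding = audit_extension(plistlib.loads(raw))
        except Exception:
            finding = {"bundle_id": "<unparseable>", "name": "<unparseable>",
                       "full_access": True}  # conservative: treat as needing review
        if finding:
            findings.append(finding)
    return sorted(findings, key=lambda f: not f["full_access"])

def _sample(bundle_id, name, point, attrs=None):
    """Build a constructed extension Info.plist (sample data, not from a real app)."""
    return plistlib.dumps({
        "CFBundleIdentifier": bundle_id,
        "CFBundleDisplayName": name,
        "NSExtension": {"NSExtensionPointIdentifier": point,
                        "NSExtensionAttributes": attrs or {}},
    })

SAMPLE = [
    _sample("com.example.emoji.keyboard", "Emoji Pad", KEYBOARD_POINT, {"RequestsOpenAccess": False}),
    _sample("com.example.notes.share", "Share", "com.apple.share-services"),
    _sample("com.example.notes.keyboard", "Keyboard", KEYBOARD_POINT, {"RequestsOpenAccess": True}),
]

if __name__ == "__main__":
    for f in audit_plists(SAMPLE):
        flag = "FULL ACCESS" if f["full_access"] else "no network"
        print(f"{flag:12} {f['bundle_id']} ({f['name']})")
```

A keyboard that appears here with full access and a generic display name is the one to compare against the list in Settings > General > Keyboard > Keyboards.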