Malicious Keyboards Spy on iPhone Users

In a disconcerting revelation, a new form of keylogging through malicious keyboard apps has been uncovered, presenting a substantial threat to iPhone users by bypassing Apple's security detection measures. This emerging vulnerability goes beyond typical keylogging, allowing threat actors to illicitly access sensitive information, including passwords, authentication codes, notes, and private messages.


The seriousness of the situation is heightened by the fact that this malicious technique is not only affordable but also easily accessible, with spyware developers offering keylogging services for just $30. This revelation serves as a stark reminder that even iPhones, often considered highly secure, are not immune to innovative cyber threats.


Reports from Cyber Security News indicate that this method requires no specific prerequisites for exploitation and is compatible with all iPhone models, leveraging an existing feature within the iOS system. The technique involves the malicious actor setting up a custom keyboard on the victim's device in a way that secretly logs all keystrokes and transmits them to an online portal. The flexibility of this approach allows the threat actor to access the portal from anywhere in the world.

The ease of exploiting this technique is attributed to the lenient review process for TestFlight apps. TestFlight is a platform that lets developers test iOS apps before their official launch on the App Store. Compared with other applications, TestFlight apps undergo a less stringent review process, providing a potential gateway for malicious actors to deploy these keylogging tactics.


Detecting and preventing these malicious keyboards poses a challenge, as they closely mimic Apple's default keyboard. Because there are only two default keyboards, "English (US)" and "Emoji," any unfamiliar keyboard should raise suspicion and be promptly removed. To delete an unknown keyboard, users can follow a simple process: tap Edit, tap the red "-" button on the unfamiliar keyboard, and tap Delete.


A comprehensive report detailing this technique, including information on the method itself, the online portal, and the cybercriminals involved, has been published. To guard against potential threats, users are strongly advised to follow the preventive measures above, which underscores the importance of vigilance in an increasingly sophisticated cybersecurity landscape.

