Apple offers an app called TestFlight for developers who want to test their apps. Up to 10,000 people can download TestFlight apps, which aren’t subject to the same scrutiny as final builds of apps.

British cybersecurity company Certo Software has found that cybercriminals are taking advantage of these lax policies to spy on iPhone users using third-party custom keyboards.

It be your own people

Certo has discovered that online criminals are offering keylogger services for those who want to keep tabs on someone they know. For as low as $30, people can install a malicious app with a third-party keyboard on someone’s phone covertly.

After the carrier app is downloaded, the third-party keyboard can be installed via the Settings app and configured to give ‘Full Access’ to an iPhone. The default iPhone keyboard is then replaced with the custom version.

The keylogger-laced keyboard records and sends all the inputs made by the victim. This gives the hacker and the abettor access to messages, the names of the websites the target visited, two-factor authentication codes, and passwords.

Since the apps are distributed through TestFlight, they avoid the strict process that apps meant for the App Store go through.

Default iPhone keyboard vs custom keyboard with keylogger

The custom keyboards look the same as the default iPhone keyboard so most people won’t realize that something fishy is up. The only way to check for them is by navigating to Settings, then tapping on General, then selecting Keyboard, and then going to Keyboards.

If you see a third keyboard in addition to ‘English (US)’ and ‘Emoji’ that you don’t remember installing, you should get rid of it by tapping on ‘Edit’ and selecting ‘Delete.’

Certo came to know about this campaign when it heard of multiple cyberstalking incidents where stalkers knew everything that a victim had typed into their phone.