Malicious keyboard attacks

    Malware targeting Android apps through a fake keyboard is a form of attack that leverages the extensive permissions often granted to keyboard applications.

    Upon installation, a fake keyboard app requests extensive permissions. Users might grant these permissions without suspicion, as keyboard apps legitimately require broad access to function properly. For example, they often need to read the text the user enters and sometimes require network access.

    Once the app is installed and its permissions are granted, the malware can log keystrokes, which allows it to capture sensitive data such as passwords and credit card information. The captured data is often transmitted back to a server controlled by the attacker.

    Defense techniques overview

    ---
    title: Malware malicious keyboard attacks
    ---
    graph TD
        all[All malware attacks] --> steal_kb
        click all href "/mobile-app-security-research-center/malware/overview" "Malware overview"
        steal_kb[Malicious keyboards]
        steal_kb --> secure_keyboard([Secure in-app keyboard ⭐])
        style secure_keyboard fill:lightgreen
        click secure_keyboard href "/mobile-app-security-research-center/malware/secure-in-app-keyboard" "Secure in-app keyboard"

     

    Recommended defense tactics

    We recommend using a secure keyboard.
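
    As a complement to the in-app keyboard, the following Python script (an added example, not Guardsquare code) audits a test or managed device for the pattern described above: an enabled keyboard that is not a system package and requests network access. It parses the output of `adb shell ime list -s`, `settings get secure default_input_method`, `pm list packages -s` and `dumpsys package <pkg>`; all sample output and the package `com.example.coolkeys` are constructed.

```python
# Constructed sample output of: adb shell ime list -s  (enabled IME ids)
IME_LIST = """\
com.google.android.inputmethod.latin/com.android.inputmethod.latin.LatinIME
com.example.coolkeys/.KeyboardService
"""
# Constructed: adb shell settings get secure default_input_method
DEFAULT_IME = "com.example.coolkeys/.KeyboardService\n"
# Constructed: adb shell pm list packages -s  (system packages only)
SYSTEM_PACKAGES = "package:com.google.android.inputmethod.latin\npackage:com.android.settings\n"
# Constructed, trimmed: adb shell dumpsys package com.example.coolkeys
DUMPSYS = {"com.example.coolkeys": """\
    requested permissions:
      android.permission.INTERNET
      android.permission.VIBRATE
    install permissions:
      android.permission.INTERNET: granted=true
"""}

def system_packages(text):
    """Package names from 'package:<name>' lines."""
    return {l.split(":", 1)[1].strip() for l in text.splitlines() if l.startswith("package:")}

def requested_permissions(dumpsys_text):
    """Names listed under 'requested permissions:' up to the next section header."""
    perms, in_section = set(), False
    for line in dumpsys_text.splitlines():
        s = line.strip()
        if s == "requested permissions:":
            in_section = True
        elif in_section:
            if not s or s.endswith(":"):
                break
            perms.add(s.split(":", 1)[0])  # drop suffixes such as ": restricted=true"
    return perms

def audit(ime_list, default_ime, sys_pkgs_text, dumpsys_by_pkg, allowlist=frozenset()):
    """Return one finding per enabled IME that is neither a system package nor allowlisted."""
    trusted = system_packages(sys_pkgs_text) | set(allowlist)
    findings = []
    for ime_id in filter(None, map(str.strip, ime_list.splitlines())):
        pkg = ime_id.split("/", 1)[0]  # IME id is "<package>/<service class>"
        if pkg in trusted:
            continue
        perms = requested_permissions(dumpsys_by_pkg.get(pkg, ""))
        findings.append({"package": pkg,
                         "is_default": ime_id == default_ime.strip(),
                         "can_reach_network": "android.permission.INTERNET" in perms})
    return findings

if __name__ == "__main__":
    print(audit(IME_LIST, DEFAULT_IME, SYSTEM_PACKAGES, DUMPSYS))
```

    The `allowlist` parameter is for third-party keyboards an organization has explicitly approved; a finding with both `is_default` and `can_reach_network` set deserves review first.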

    Guardsquare
