Fig. 4
From: Using IM-Visor to stop untrusted IME apps from stealing sensitive keystrokes
Prefix-substitution attack. I-Box uses a policy engine to search substring in the output of an IME app. Malicious IME apps can obfuscate sensitive string into non-sensitive string to fool I-Box and leak it out to a remote server