Just to be on the safe side I'll suggest you just avoid downloading any third party keyboard most especially those ones that have a fancy look and just continue using the inbuilt keyboard.
I have been using 3rd party keyboard (Swiftkey) for a decade or so as I can't stand Samsung in built ones and had no issues whatsoever. You just have to use the common sense and stick to the best known ones and you shouldn't have an issue. And by common sense I mean checking at least first few and last few characters of the address and not using mobile phone wallet for anything other than a hot storage where you keep smaller amount of crypto.
I think it is common with fancy third party keyboards. But with built in android keyboards that was installed alongside the OS hardly get Malware attack except the device is regularly using hotspots from unknown and untrusted users.
Possible? Definitely. Common? I don't think so. Otherwise we would hear so many cases of people being hacked that way.