We regularly copy and paste stuff. Sometimes, the copied characters contain important information such as bank numbers or crypto wallet addresses. Attackers can replace the copied address with an address under their control. Hence you might accidentally transfer money to an attacker instead of your original target.
I suspect that malware is using the clipboard all the time to steal credentials, but I haven't found many reputable sources for specific cases:
Clipboard hijacking requires malware to be executed on the victim's machine. It only works on end users' machines, as servers typically don't have anything in the clipboard.
Reading the clipboard can be done in any language. For example, with JavaScript:
<!DOCTYPE html>
<html>
<body>
  <button onclick="readClipboard()">Read Clipboard</button>
  Clipboard:
  <p id="output"></p>
  <script>
    function readClipboard() {
      // readText() returns a Promise that resolves with the clipboard text.
      navigator.clipboard.readText()
        .then(text => {
          // textContent, not innerHTML: clipboard data is untrusted and
          // must not be parsed as markup.
          document.getElementById("output").textContent = text;
        })
        .catch(err => {
          console.error('Failed to read clipboard: ', err);
        });
    }
  </script>
</body>
</html>
However, the browser only allows this if the user gives consent, and it asks every single time:
However, browser extensions are a different story.
You can also read the clipboard with Python or any other programming language. There the users are not protected by the operating system. Once the software is installed, it can access the clipboard:
import pyperclip
text = pyperclip.paste()  # returns the current clipboard contents as a string
Malicious software can be downloaded onto a victim's computer and can then monitor the clipboard for sensitive information, such as passwords or credit card numbers. Once the malware detects this information, it can send it back to the attacker.
Besides stealing clipboard contents, they can also be manipulated. For example, if the malware detects a bank account number or a crypto wallet address in the clipboard, it could change the contents to the attacker's address. It can look like this:
import time
import pyperclip
while True:
    content = pyperclip.paste()
    if content.startswith("0x"):
        # Detected a wallet address
        attackers_address = "mgk4owiQ4M8WFZBB4KsWUBcZ7m3E4ix4Gy"
        pyperclip.copy(attackers_address)
    time.sleep(1)
First and foremost: Make sure you don't get malware on your machines. The two most important points are to (1) only install trustworthy software and (2) install security updates.
I'm uncertain if antivirus software can see if other software accesses the clipboard. I don't think so. That means the contents of the clipboard cannot be protected from malware running on your machine.
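The swap shown above leaves a recognizable trace: one address-like value is replaced by a different one within a second or so, which a person copying by hand rarely does. The following detector for that pattern is an added example, not code from the original post; `SwapDetector`, `find_swaps`, the two regex patterns and the 3-second window are assumptions chosen for illustration, and the sample addresses are constructed.

```python
import re

# Address-like shapes to watch for (illustrative patterns, not exhaustive).
ADDRESS_PATTERNS = {
    "ethereum": re.compile(r"0x[0-9a-fA-F]{40}"),
    "bitcoin-base58": re.compile(r"[123mn][1-9A-HJ-NP-Za-km-z]{25,34}"),
}

def classify(text):
    """Return the address kind the text looks like, or None."""
    for kind, pattern in ADDRESS_PATTERNS.items():
        if pattern.fullmatch(text.strip()):
            return kind
    return None

class SwapDetector:
    """Flags an address replaced by a different address within `window` seconds."""
    def __init__(self, window=3.0):
        self.window = window
        self.current = self.first_seen = None  # last value seen, and when it appeared

    def observe(self, ts, text):
        """Feed one sample, e.g. (time.monotonic(), pyperclip.paste()); return an alert or None."""
        text = text.strip()
        if text == self.current:
            return None  # unchanged since the last sample
        alert = None
        if (self.current is not None and classify(self.current) and classify(text)
                and ts - self.first_seen <= self.window):
            alert = {"at": ts, "copied": self.current, "replaced_by": text}
        self.current, self.first_seen = text, ts
        return alert

def find_swaps(samples, window=3.0):
    """Run the detector over (timestamp, text) samples given in time order."""
    detector = SwapDetector(window)
    return [a for ts, text in samples if (a := detector.observe(ts, text))]

# Constructed samples (seconds, clipboard text); the addresses are made up.
ADDR_A, ADDR_B = "0x" + "ab" * 20, "0x" + "cd" * 20
SAMPLES = [
    (0.0, "meeting notes"),
    (10.0, ADDR_A),   # user copies an address
    (11.0, ADDR_B),   # different address one second later: flagged
    (200.0, ADDR_A),  # different address minutes later: not flagged
]

if __name__ == "__main__":
    print(find_swaps(SAMPLES))
```

A polling detector only sees a swap if it samples the original value before it is replaced, so it complements rather than replaces comparing the pasted address with the intended one before sending.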
In this series about application security (AppSec) we already explained some of the techniques of the attackers and also the techniques of the defenders:
Let me know if you are interested in more articles around AppSec / InfoSec!