Clipboard attacks

    Android mobile malware can target the device clipboard. This type of malware can exploit the Android clipboard to harvest sensitive data that the device user copies to the clipboard to paste later.

    Once the malware gains access to the clipboard, it can continuously monitor and extract any data copied to it. This could include passwords, credit card numbers, personal messages, or any other sensitive information a user might copy. This process often goes unnoticed by users.

    Android apps can access the clipboard through the ClipboardManager API. While this feature is designed for legitimate use, such as copying and pasting text, it can be exploited by malicious apps.

    Defense techniques overview

    ---
    title: Malware clipboard attacks
    ---
    graph TD
        all[All malware attacks] --> steal_clipboard
        click all href "/mobile-app-security-research-center/malware/overview" "Malware overview"
        steal_clipboard[Spy on users' clipboard]
        steal_clipboard --> prevent_copy([Prevent copying])
        steal_clipboard --> mfa([2FA/MFA ⭐])
        style prevent_copy fill:lightgreen
        style mfa fill:lightgreen
        click prevent_copy href "/mobile-app-security-research-center/malware/copying-protection" "Prevent copy"
        click mfa href "/mobile-app-security-research-center/malware/multi-factor-authentication" "Multi factor authentication"

    Recommended defense tactics

    We recommend using multi-factor authentication.

    We do not recommend other countermeasures against clipboard spying attacks, as they are ineffective or have an excessive negative impact on user experience.

    For example, preventing password pasting in a banking application will make the usage of a password manager difficult, potentially forcing the user to select easier passwords. At the same time, it will not deter clipboard monitoring as the user will discover the limitation only after copying the password to the clipboard.

    Guardsquare
