Clipboard attacks

    Android mobile malware can target the device clipboard. This type of malware can exploit the Android clipboard to harvest sensitive data that the device user copies to clipboard to paste later.

    Once the malware gains access to the clipboard, it can continuously monitor and extract any data copied to it. This could include passwords, credit card numbers, personal messages, or any other sensitive information a user might copy. This process often goes unnoticed by users.

    Android apps can access the clipboard through the ClipboardManager API. While this feature is designed for legitimate use, such as copying and pasting text, it can be exploited by malicious apps.

    Defense techniques overview

    --- title: Malware clipboard attacks --- graph TD all[All malware attacks] --> steal_clipboard click all href "/mobile-app-security-research-center/malware/overview" "Malware overview" steal_clipboard[Spy on users' clipboard] steal_clipboard --> prevent_copy([Prevent copying]) steal_clipboard --> mfa([2FA/MFA ⭐]) style prevent_copy fill:lightgreen style mfa fill:lightgreen click prevent_copy href "/mobile-app-security-research-center/malware/copying-protection" "Prevent copy" click mfa href "/mobile-app-security-research-center/malware/multi-factor-authentication" "Multi factor authentication"

    Recommended defense tactics

    We recommend using multi-factor authentication.

    We do not recommend other countermeasures for clipboard spying attack, as they are ineffective or have excess negative impact on user experience.

    For example, preventing password pasting in a banking application will make the usage of a password manager difficult, potentially forcing the user to select easier passwords. At the same time, it will not deter clipboard monitoring as the user will discover the limitation only after copying the password to the clipboard.


    Table of contents