Clipboard Hijacking 😈
What it is, how to do it, and how to prevent it
We regularly copy and paste stuff. Sometimes, the copied characters contain important information such as bank numbers or crypto wallet addresses. Attackers can replace the copied address with an address under their control. Hence you might accidentally transfer money to an attacker instead of your original target.
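A defensive check for the swap described above, as an added example that is not part of the original article: a paste guard that compares a pasted address against an address book before a payment form accepts it. The function names, the address book and all addresses are constructed, and the patterns only classify the shape of an address; they do not validate checksums.

```javascript
// Added example: paste guard for a payment form (names and data are constructed).
const ADDRESS_PATTERNS = {
  ethereum: /^0x[0-9a-fA-F]{40}$/,
  bitcoin: /^(bc1[0-9a-z]{25,62}|[13][1-9A-HJ-NP-Za-km-z]{25,34})$/,
  iban: /^[A-Z]{2}[0-9]{2}[A-Z0-9]{11,30}$/,
};

function classify(text) {
  const hit = Object.entries(ADDRESS_PATTERNS).find(([, re]) => re.test(text));
  return hit ? hit[0] : null;
}

// Strip whitespace (IBANs are often written in groups). Ethereum hex is
// compared case-insensitively; the other formats are compared exactly.
function canonical(text) {
  const compact = text.replace(/\s+/g, "");
  return classify(compact) === "ethereum" ? compact.toLowerCase() : compact;
}

// intendedLabel is the recipient the user picked in the form, or null.
function checkPaste(pasted, addressBook, intendedLabel) {
  const value = canonical(pasted);
  const kind = classify(value);
  if (!kind) return { verdict: "not-an-address" };
  const preview = `${value.slice(0, 6)}…${value.slice(-4)}`;
  const match = addressBook.find((e) => canonical(e.address) === value);
  const intended = addressBook.find((e) => e.label === intendedLabel);
  // The pasted value differs from the recipient the user meant to pay:
  // this is what a swapped clipboard looks like from inside the form.
  if (intended && canonical(intended.address) !== value) {
    return { verdict: "mismatch", kind, preview, expected: intended.label };
  }
  if (match) return { verdict: "trusted", kind, label: match.label };
  return { verdict: "unverified", kind, preview };
}

const ADDRESS_BOOK = [ // constructed sample entries
  { label: "Alice", address: "0x" + "ab".repeat(20) },
  { label: "Landlord", address: "DE89 3704 0044 0532 0130 00" },
];

// Browser wiring: hold back any pasted address that is not in the address book.
if (typeof document !== "undefined") {
  document.addEventListener("paste", (event) => {
    const result = checkPaste(event.clipboardData.getData("text/plain"), ADDRESS_BOOK, null);
    if (result.verdict === "unverified") event.preventDefault();
  });
}
```

A swapped address is itself a well-formed address, so format or checksum validation cannot catch it; only a comparison against a value obtained from a trusted source does.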
Why it Matters
I suspect that malware is using the clipboard all the time to steal credentials, but I haven’t found many reputable sources for specific cases:
- 2020: An iOS update revealed that several apps were reading the clipboard without their users' knowledge (source)
- 2019: A fake MetaMask app that hijacks Ethereum dApps was in the Android Play Store (source)
- 2019: The archive server of the PaleMoon browser was hijacked using ClipBanker (source)
How is Clipboard Hijacking executed?
Clipboard Hijacking requires malware to be executed on the victim's machine. It only works on end users' machines, as servers typically don't have anything in the clipboard.
Reading the clipboard can be done in any language. For example, with JavaScript:
<!DOCTYPE html>
<html>…