• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
Cyber Security News

Shein App Accessed Clipboard Data on Android Devices

You are here: Home / General Cyber Security News / Shein App Accessed Clipboard Data on Android Devices
March 7, 2023

An aged variation of the Shein mobile application, from the Chinese on the net quick vogue retailer, has been noticed periodically accessing the contents of the Android device clipboard.

The findings arrive from Microsoft, who wrote about them in an advisory revealed by Dimitrios Valsamaras and Michael Peck of the Microsoft 365 Defender Analysis Crew on Monday.

“If a particular pattern was present, [the app] despatched the contents of the clipboard to a remote server. Although we are not specially knowledgeable of any destructive intent behind the behavior, we assessed that this habits was not necessary for people to execute their tasks on the app.”

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


Following identifying the conduct, the tech giant claimed it to Google (who operates the Android Engage in Keep), who opened a similar investigation.

“In Could 2022, Google educated us, and we confirmed that Shein eradicated the actions from the application,” reads the Microsoft advisory.

As a outcome of the disclosure, Google reportedly acknowledged the risks linked with clipboard entry and manufactured enhancements to the Android OS. In distinct, on Android 10, apps can not entry the clipboard except they have target or are established as the default enter technique editor.

On Android 12, a toast message now allows consumers know when applications connect with the ClipboardManager to entry clipboard facts from a different software for the initially time. And on Android 13, the clipboard’s articles is automatically cleared to provide further security.

Past the certain case of the Shein application, Microsoft highlighted that threats concentrating on clipboards have now been spotted in the wild.

“[These] can put any copied and pasted facts at risk of becoming stolen or modified by attackers, these as passwords, economical aspects, own details, cryptocurrency wallet addresses and other sensitive information,” Valsamaras and Peck wrote.

To protect versus these threats, the security researchers advised customers usually preserve applications up to date and in no way set up apps from untrusted resources.

“Consider removing purposes with surprising behaviors, these types of as clipboard entry toast notifications, and report the behavior to the seller or application store operator,” they included.

The Microsoft advisory comes months immediately after Shein’s holding corporation, Zoetop, was fined $1.9m for failing to effectively tell buyers of a data breach.

Editorial credit images: VicVa / Shutterstock.com


Some sections of this posting are sourced from:
www.infosecurity-magazine.com

Previous Post: «Cyber Security News Ransomware Attack Against Barcelona Hospital Disrupts Operations
Next Post: Sharp Panda Target Southeast Asia in Espionage Campaign Expansion Cyber Security News»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • Malicious Python Package Uses Unicode Trickery to Evade Detection and Steal Data
  • Some GitHub users must take action after RSA SSH host key exposed
  • THN Webinar: Inside the High Risk of 3rd-Party SaaS Apps
  • Pension Protection Fund confirms employee data exposed in GoAnywhere breach
  • GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations
  • Now UK Parliament Bans TikTok from its Network and Devices
  • IRS Phishing Emails Used to Distribute Emotet
  • Researchers Uncover Chinese Nation State Hackers’ Deceptive Attack Strategies
  • Fifth of Execs Admit Security Flaws Cost Them New Biz
  • Online Safety Bill: Why is Ofcom being thrown under the bus?

Copyright © TheCyberSecurity.News, All Rights Reserved.