An older version of Shein’s Android application had a bug that periodically captured the contents of the clipboard and sent it to a remote server.
The Microsoft 365 Defender Research Team said they found an issue in version 7.9.2 of the app released on December 16, 2021. This issue is addressed as of May 2022.
Shein, originally named ZZKKO, is a Chinese online fast fashion retailer based in Singapore. The app, currently in version 9.0.0, has been downloaded over 100 million times.
Microsoft said it was “not specifically aware of any malicious intent behind the behavior,” but said the feature was not necessary for the app to perform its tasks.
Additionally, he pointed out that starting the application after copying the content to the device’s clipboard automatically triggered an HTTP POST request with the data to the server ‘api-service'[.]Shine[.]Com”
To mitigate such privacy risks, Google has in recent years implemented measures such as displaying a toast message when an app accesses the clipboard and preventing data from being retrieved unless the app is actively running in the foreground. We’ve made Android even better.
Discover the latest malware evasion tactics and defense strategies
Ready to demystify the 9 most dangerous misconceptions about file-based attacks? Join our upcoming webinar and become a hero in the fight against patient zero infections and zero-day security events!
reserve a seat
Researchers Dimitrios Valsamaras and Michael Peck said, “Given that mobile users often use the clipboard to copy and paste sensitive information such as passwords and payment information, the contents of the clipboard are a form of cyberattack. could become a target for
“By leveraging the clipboard, attackers can gather information about their targets and exfiltrate useful data.”
