Can Clipboard malware affects phone users?

Woodie

hero member

Activity: 1834

Merit: 879

Rollbit.com ⚔️Crypto Futures

Quote from: Beparanf on February 02, 2023, 01:13:06 PM

Quote from: KiaKia on February 02, 2023, 01:05:00 PM

There are a few posts about clipboard malware that changes users addresses whenever they want to carry out new transactions and I have only seen this happened to a friend's laptop but not a smartphone, is it possible for this clipboard malware to affect a smartphone and swap your address to a fake address?

Android and IOS has a unique security system which doesn’t allowed virus to enter its core.

I agree, but If the phones operating system remains untempered and still has update support.. security is almost guaranteed, but for devices that are either jailbroken or rooted here all security protocols are overwritten and very much possible for malware to be installed and possibly hijack the clipboard especially in instances were the keyboard is also a third party one.
But generally if phone OS is kept OEM and untwerked device should be safe from these clipboard viruses.

crwth

copper member

Activity: 2940

Merit: 1280

https://linktr.ee/crwthopia

If it has been invented on PC, it is probably applicable to phones. I remember on my device, an iOS device, in particular, a few years ago that it doesn't have any problems copying and pasting. After an update, now it asks if it can be pasted or if it shows the app where the clipboard is being copied.

I think it's a great safety feature to have known if the application is doing something with the clipboard or not without your permission. Definitely a good thing for users.

Better to be safe than sorry all the time.

sheenshane

legendary

Activity: 2492

Merit: 1232

Quote from: Alisha-k on February 05, 2023, 07:36:04 AM

I think it is common with fancy third party keyboards. But with built in android keyboards that was installed alongside the OS hardly get Malware attack except the device is regularly using hotspots from unknown and untrusted users.

I tend to agree with this, there might be a chance that the app you downloaded has a malware clipboard that can affect your phone.
There are too many apps on playstore for fancy backgrounds like having a color and design and I think that's possible can be infected with the clipboard malware. Because upon installing that app it asks the full access to your phone.

source

Rikafip

legendary

Activity: 1722

Merit: 5937

Quote from: Cantsay on February 05, 2023, 05:41:29 AM

Just to be on the safe side I'll suggest you just avoid downloading any third party keyboard most especially those ones that have a fancy look and just continue using the inbuilt keyboard.

I have been using 3rd party keyboard (Swiftkey) for a decade or so as I can't stand Samsung in built ones and had no issues whatsoever. You just have to use the common sense and stick to the best known ones and you shouldn't have an issue. And by common sense I mean checking at least first few and last few characters of the address and not using mobile phone wallet for anything other than a hot storage where you keep smaller amount of crypto.

Quote from: Alisha-k on February 05, 2023, 07:36:04 AM

I think it is common with fancy third party keyboards. But with built in android keyboards that was installed alongside the OS hardly get Malware attack except the device is regularly using hotspots from unknown and untrusted users.

Possible? Definitely. Common? I don't think so. Otherwise we would hear so many cases of people being hacked that way.

armanda90

hero member

Activity: 1190

Merit: 599

Based on my experience with clipboard malware affect with computer only and not found any user complaint about this malware in their mobile phone. I don't active use mobile phone for cryptocurrency transaction because trough computer seems easy and faster than transaction have using mobile phone.

But mobile phone seems easy if detected with clipboard malware by resetting to beginner of our mobile than using computer need time how to restart back our computer. For mobile phone sending cryptocurrency assets seems easy and trough QR code we can sent to other wallet without have paste and actually not effective with clipboard malware in mobile phone.

Nwada001

hero member

Activity: 700

Merit: 673

The more advanced we are when it comes to security, the more hackers and malware programmers are also busy designing ways to break in.
The clipboard virus is something that is possible to infect, in fact, any device so long as the device is connected to the internet and the user makes use of the internet without the use of a strong antivirus that will protect it from any attempt. I have come across someone whose wallet was hacked through a link that was clicked from a telegram to his phone. If such a program is channeled towards data theft from the clipboard, it can also be achieved.
Nothing is impossible for these hackers to do, but it's also very possible for us to avoid all of that by being very careful and avoiding clicking on links from untrusted sources. Online games can be very dangerous as well for those of us who play games online and connect Bluetooth devices for sound and control purposes.

Alisha-k

member

Activity: 840

Merit: 23

I think it is common with fancy third party keyboards. But with built in android keyboards that was installed alongside the OS hardly get Malware attack except the device is regularly using hotspots from unknown and untrusted users.

Cantsay

hero member

Activity: 700

Merit: 541

Bitcoin Casino Est. 2013

Just to be on the safe side I'll suggest you just avoid downloading any third party keyboard most especially those ones that have a fancy look and just continue using the inbuilt keyboard. But as for the keyboard malware in phones I haven't heard or seen any case before but that doesn't mean it still not possible. You never know to what extent hackers can go just so they get access to your details. And you can as well just turn off the clipboard so as to prevent it from saving more than one copied details at a time (at least that's what it does in my device ).

drwhobox

full member

Activity: 756

Merit: 133

- hello doctor who box

I have heard non of these cases on mobile but on computer. By mobile means android, never used ios and I don't follow their community. I am an android user since I started using smartphones.
But hey, it is 2023 and anything can happen anytime so check before you send any transactions, stop trusting anything blindly be cautious and be safe.

Saint-loup

legendary

Activity: 2604

Merit: 2353

Quote from: stompix on February 02, 2023, 05:11:13 PM

I think that standalone clipboard hijackers for Android are not that spread because you need to go the same way of infecting and getting permissions as a normal private key malware, so it makes little sense to have just a clipboard hijacker installed when you can have a wallet drainer, even for the one mentioned in that article the main attack was the stealing of keys. After all, if you want to steal something you want to go for the jackpot with the least traces possible, so probably that's why everyone is focused on other types of malware.

Also, rather than clipboard hijackers one should watch out for QR code malware, scammers have understood that for some users it's a pain in the ass to copy-paste addresses so they release a lot of those apps that "help" you with these on playstore.
https://www.bitdefender.com/blog/hotforsecurity/bitcoin-thieves-use-malicious-qr-code-readers-to-steal-45000-this-month/

I don't think stealing private keys is so easy because usually serious wallets take care about that. They encrypt private keys/seeds and only decrypt them once the user opens the wallet after typing a pin code generally, and they never display them if the user hasn't required it. While copy-pasted adresses are commonly used when you want to send funds to an online platform. It's recommended to always check the end of the address pasted, as it is harder to forge a similar end than a similar beginning, because of the checksum, btw.

Quote

Also, rather than clipboard hijackers one should watch out for QR code malware, scammers have understood that for some users it's a pain in the ass to copy-paste addresses so they release a lot of those apps that "help" you with these on playstore.
https://www.bitdefender.com/blog/hotforsecurity/bitcoin-thieves-use-malicious-qr-code-readers-to-steal-45000-this-month/

It's surprising, because usually wallets are able to generate the QR-codes of receiving addresses. I wonder if some wallets don't generate QR-code in special formats only readable by the same software wallets though.

Stepstowealth

full member

Activity: 658

Merit: 172

Quote from: KiaKia on February 02, 2023, 01:05:00 PM

There are a few posts about clipboard malware that changes users addresses whenever they want to carry out new transactions and I have only seen this happened to a friend's laptop but not a smartphone, is it possible for this clipboard malware to affect a smartphone and swap your address to a fake address?

I am not a techie, but I say if it is not something that is possible now, it doesn't mean that it cannot be possible in the closest future. More sophisticated Malwares can be made, maybe they are already in development now and will be capable of having same effect it has on computers on mobile phones. It can happen because some of these malwares that we see now, at one time we never believed that they will be existing.

kamvreto

legendary

Activity: 1946

Merit: 1157

MAaaN...!! CUT THAT STUPID SHIT

Quote from: jackg on February 02, 2023, 01:46:51 PM

~snip~Clipboards are normally stored on keyboards though so the biggest ways to attack this vulnerability are via infected keyboards and wallet related apps.

This is a weakness that often attacks Android with various untrusted keyboard applications. There are several applications that are automatically downloaded when there are advertisements embedded in the game or some applications that are free.
some android application installation scanners also work to deal with applications that indicate malware so that there will be a notification that the application is not safe.
to be safer, you can also activate Google Protect so that applications that are installed safely can be used properly. Do not install apps from black market or obscure apk files. It becomes a gateway for malware.

Taskford

hero member

Activity: 2520

Merit: 783

Quote from: KiaKia on February 02, 2023, 01:05:00 PM

There are a few posts about clipboard malware that changes users addresses whenever they want to carry out new transactions and I have only seen this happened to a friend's laptop but not a smartphone, is it possible for this clipboard malware to affect a smartphone and swap your address to a fake address?

Good question ask since this could make other be informed about possibilities of all things related to clip board malware. but as far as we know security in android phones are so high so maybe its just a rare case for individual users to get affected with this. But still you need to be more careful on what you are copying and always verify for many times if the address you are putting where you want to receive your balances. Better to always have precautious consciousness to avoid this unnecessary mistake.

mk4

legendary

Activity: 2870

Merit: 3873

Paldo.io 🤖

Though phone operating systems will have varying degrees of security, if a mobile device is online, clipboard malware or any other malware is possible. Even if it's decently unlikely.

Ryker1

sr. member

Activity: 1932

Merit: 442

Eloncoin.org - Mars, here we come!

It could be on the file ^{[APK files]} but not the Android system itself.
So before downloading, ask yourself twice or thrice --is the app popular, does the app have a good review, transparency of the developer and what they develop --the last one is, to verify the app before downloading.
The number one sign that you must be noticed first is that your phone is usually ver heating and the battery quickly drain. So do not save valuable stuff on your mobile phone.

lovesmayfamilis

legendary

Activity: 2072

Merit: 4265

✿♥‿♥✿

In the Russian-speaking segment, news appeared that sales of the Hook Trojan had begun on the darknet, which attacks many banking and crypto wallets on the Android system.
The malware can completely capture the device and control all actions of the phone owner. It also has remote control capabilities.
The hacker sees the screen of the smartphone and can remotely perform any action, including managing crypto wallets.
The hook is currently distributed as an APK file and disguised as the Google Chrome browser.

More: https://www.cnews.ru/news/top/2023-01-20_v_darknete_za_7_tysprodayut

rat03gopoh

hero member

Activity: 2212

Merit: 670

Signature designer - start @$10 - PM me!

The system default clipboard (for unrooted devices) may not be changed (read-only mode), but there are some clipboard managers out there that if you install them require permissions to disable and switch the role of default apps to third-party ones. Yep, it can be tampered with and malware attacks.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: DdmrDdmr on February 02, 2023, 02:01:36 PM

Quote from: KiaKia on February 02, 2023, 01:05:00 PM

<...>

If this is widespread and still feasible (i.e. no way to patch it) is something I don’t really know, though if there is no way to patch it, likely it's still a thing.

I think that standalone clipboard hijackers for Android are not that spread because you need to go the same way of infecting and getting permissions as a normal private key malware, so it makes little sense to have just a clipboard hijacker installed when you can have a wallet drainer, even for the one mentioned in that article the main attack was the stealing of keys. After all, if you want to steal something you want to go for the jackpot with the least traces possible, so probably that's why everyone is focused on other types of malware.

Also, rather than clipboard hijackers one should watch out for QR code malware, scammers have understood that for some users it's a pain in the ass to copy-paste addresses so they release a lot of those apps that "help" you with these on playstore.
https://www.bitdefender.com/blog/hotforsecurity/bitcoin-thieves-use-malicious-qr-code-readers-to-steal-45000-this-month/

PrivacyG

hero member

Activity: 882

Merit: 1873

Crypto Swap Exchange

Quote from: jackg on February 02, 2023, 01:46:51 PM

Android and iOS share the methods of Linux in stopping apps from accessing the operating system unless the user has let them run in the background or has opened them on the screen.

And then you have all sorts of weird applications in the Play Store you can download for free and use. If you look for a free Screen Recorder you can find a lot of sketchy apps that even have a lot of positive reviews. Any of these apps can have this hidden malware. Also all the free photo editing apps many people download and use. Easy to become a victim this way. Very few of us have a clean Android phone, the people I know have it clogged up in all sorts of unnecessary software.

Linux may be helping by stopping apps, but then it is still user's responsibility from that point forward.

-
Regards,
PrivacyG

Falconer

legendary

Activity: 2660

Merit: 1141

Don't use the cellphone that you use every day as a storage wallet, it clearly has a high risk for the security of your funds. Let's be honest that you never know when you've made the mistake of accidentally clicking on a malicious link or automatically downloading it from a group chat or your friends. This is really dangerous even if you have kept your clipboard safe from malware.

Use 2 phones if you don't have the hardware wallet, but you may need to keep one of them offline while still needing to backup the wallet for the wallet. This is just about user experience from me, but I really believe this clipboard is not safe if you are not careful.

Topic: Can Clipboard malware affects phone users? (Read 288 times)