Security News > 2023 > March > Shein's Android App Caught Transmitting Clipboard Data to Remote Servers

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server.

The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021.

It further pointed out that launching the application after copying any content to the device clipboard automatically triggered an HTTP POST request containing the data to the server "Api-service[.]shein[.]com.".

To mitigate such privacy risks, Google has further made improvements to Android in recent years, including displaying toast messages when an app accesses the clipboard and barring apps from getting the data unless it is actively running in the foreground.

"Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks," researchers Dimitrios Valsamaras and Michael Peck said.

"Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data."

News URL

https://thehackernews.com/2023/03/sheins-android-app-caught-transmitting.html