Shein, the Chinese online fashion retailer, has come under renewed scrutiny after it was found that an old version of its mobile app was accessing clipboard contents on Android devices.
This was discovered by Microsoft, whose threat intelligence team worked with Google’s Android Security Team to ensure the behavior was removed from the app.
The app was found to send clipboard contents to a remote server if a specific pattern was present, although it’s not clear whether malicious intent is behind the behavior. As a result of the disclosure, Google reportedly recognized the risks associated with clipboard access and made improvements to the Android operating system.
Shein reportedly removed the behavior from the application in May 2022, per Microsoft’s recommendation. However, the incident has raised concerns about clipboard-targeting threats that have already been spotted in the wild.
Shein is the latest Chinese app to be scrutinized by researchers for potentially shady behavior. As reported by Hackread.com, last year TikTok’s in-app browser was identified as a potential threat capable of monitoring user activity on external websites.
Clipboard-targeting threats can put all copied and pasted information at risk of being stolen or altered by attackers, including sensitive information such as passwords, financial data, and cryptocurrency wallet addresses.
To protect against these threats, security researchers recommend that users always keep apps up to date and never install apps from untrustworthy sources. They also suggest removing applications that show unexpected behavior, such as toast notifications for clipboard access, and reporting the behavior to the vendor or app store operator.
Microsoft’s blog post also suggests that “Users can protect themselves by paying attention to the clipboard access message. If the message appears unexpectedly, consider that all clipboard data may have been compromised and consider removing any applications that are making suspicious clipboard access.”
The incident comes months after Shein’s holding company Zoetop was fined $1.9 million (£1.69 million) for failing to properly notify 32 million customers of a data breach.
It will likely further damage the reputation of the retailer, which has already been criticized for its fast-fashion practices and working conditions in its factories.
As more consumers become aware of the risks associated with mobile app security, retailers and app developers must take greater responsibility for protecting user data and privacy.