Microsoft recently revealed that an old version of the SHEIN Android application has been found reading the contents of the clipboard on Android devices erratically.
With more than 100 million downloads from the Google Play Store, the SHEIN Android app is one of the most popular on the market. The Singapore-based company has been an online fast fashion retailer for over a decade, originally trading under the ZZKKO name.
If a specific pattern is identified in the clipboard contents, the app can send those contents to a remote server. Despite this, Microsoft has not identified any malicious intent behind the behavior and is not aware of any such activity.
It is important to understand the risks that installed applications can pose, even if SHEIN had no malicious intent. This includes highly popular apps downloaded from the platform's official app store.
Google's Android security team was brought in to investigate after Microsoft reported its findings to Google, which operates the Play Store.
Shein app found copying clipboard content
There have been no updates to the app since version 7.9.2 was released on December 16, 2021. Microsoft researchers reported that they discovered this issue on March 6th, and that it was fixed in the May 2022 update.
To prevent possible malicious attacks, users must ensure that their installed application is up to date. Because mobile users often use clipboards to copy and paste sensitive information, clipboards are an attractive target for cyberattacks.
Users mainly copy and paste the following types of data through the clipboard:
- Credentials
- Financial Information
- Personal Information
To identify and observe the code responsible for this behavior, Microsoft's cybersecurity analysts performed two types of analysis:
- Static Analysis
- Dynamic Analysis
By exploiting this clipboard vulnerability, threat actors can easily modify the clipboard contents for various other malicious activities. When it launches, the application issues a POST request to the server “api-service[.]bill[.]com” with content copied to the clipboard.
In recent years, Google has taken steps to mitigate the privacy risks associated with Android to make it more secure.
Microsoft's cybersecurity analysts recommend the following:
- Make sure that the device and the installed applications are always up to date.
- It's never a good idea to install an application from a source you're not familiar with.
- If an application behaves unexpectedly, you should consider removing it.
- Always ensure that you use a robust antivirus system on your device.