Tuesday, December 3, 2024
HomeCyber Security News100M+ Downloaded Shein App Found Copying Clipboard Content on Android Phones

100M+ Downloaded Shein App Found Copying Clipboard Content on Android Phones

Published on

SIEM as a Service

There have been recent revelations by Microsoft that an old version of the SHEIN Android application has been found reading the contents of the clipboard on Android devices irregularly.

With more than 100 million downloads from the Google Play Store, SHEIN’s Android app is one of the most popular in the marketplace. This Singapore-based retailer has been an online fast fashion retailer for over a decade, originally operating under the name ZZKKO.

It should be possible to send the contents of the clipboard to a remote server if a particular pattern can be identified. Despite this, Microsoft hasn’t identified any malicious intent behind the behavior and is not aware of any such activities.

- Advertisement - SIEM as a Service

It is important to understand the risks that the installed applications can pose even if SHEIN didn’t have malicious intent. As an example, this can include the popular apps that are loaded from the official app store of the platform since they are highly popular.

The Android Security Team at Google was tasked with investigating after Microsoft reported its findings to Google, which operates the Play Store.

Shein App Found Copying Clipboard Content

There have been no updates to the app since the release of version 7.9.2 on December 16, 2021. Microsoft researchers reported that on March 6 they discovered this issue that has been fixed in the May 2022 update.

In order to prevent possible malicious attacks, users must make sure their installed application is up-to-date. Since mobile users frequently use clipboards to copy and paste sensitive information, clipboards are an appealing target for cyberattacks. 

While in the clipboard users mainly perform the copy and paste of the following type of data:-

  • Login credentials
  • Financial data
  • Personal information

In order to identify and observe the code responsible for the particular behavior of the application, Microsoft’s cybersecurity analysts performed two types of analysis, and here they are mentioned below:-

  • Static analysis
  • Dynamic analysis

By exploiting this clipboard vulnerability threat actors can easily modify the contents of the clipboard for several types of other malicious activities. The application triggers a POST request to the server “api-service[.]shein[.]com.” when any content copied to the clipboard is launched.

In the past few years, Google has taken steps to mitigate the privacy risks involved with Android in order to make it more secure.

Recommendations

Here below we have mentioned all the recommendations offered by the cybersecurity analysts at Microsoft:-

  • Make sure that the device as well as the installed applications are always kept up-to-date.
  • Installing an application from a source you are not familiar with is never a good idea.
  • If an application is showing unexpected behavior, you should consider removing it.
  • Always make sure to use a robust antivirus system on your device.

Network Security Checklist – Download Free E-Book

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...

Threat Actors Allegedly Claims Breach of EazyDiner Reservation Platform

Reports have emerged of a potential data breach involving EazyDiner, a leading restaurant reservation...

API Security Webinar

72 Hours to Audit-Ready API Security

APIs present a unique challenge in this landscape, as risk assessment and mitigation are often hindered by incomplete API inventories and insufficient documentation.

Join Vivek Gopalan, VP of Products at Indusface, in this insightful webinar as he unveils a practical framework for discovering, assessing, and addressing open API vulnerabilities within just 72 hours.

Discussion points

API Discovery: Techniques to identify and map your public APIs comprehensively.
Vulnerability Scanning: Best practices for API vulnerability analysis and penetration testing.
Clean Reporting: Steps to generate a clean, audit-ready vulnerability report within 72 hours.

More like this

PEFT-As-An-Attack, Jailbreaking Language Models For Malicious Prompts

Federated Parameter-Efficient Fine-Tuning (FedPEFT) is a technique that combines parameter-efficient fine-tuning (PEFT) with federated...

Hackers Cloning Websites, Exploiting RCE Flaws To Gain Access To Shopping Platforms

Cybercriminals are leveraging AI-powered phishing attacks, website cloning tools, and RCE exploits to target...

Hackers Exploited Windows Event Logs Tool log Manipulation, And Data Exfiltration

wevtutil.exe, a Windows Event Log management tool, can be abused for LOLBAS attacks. By...