Clipboard hijacking

“Clipboard hijacking” (also called “clipboard injection” or “PasteJacking”) is a type of cyber attack in which malicious software or malicious scripts secretly manipulate the contents of a user’s clipboard. The clipboard is a temporary storage area that holds data (text, images, files, etc.) that a user has copied, usually to paste elsewhere.

How clipboard hijacking works

The basic principle of clipboard hijacking involves an attacker replacing the legitimate content you copied with malicious data without your knowledge. This can happen in several ways:

  1. Installing malware: The most common method involves installing malware (Trojans, information-stealing programs) on your device. This malware runs in the background, constantly monitoring your clipboard activity. When you copy something (such as a cryptocurrency wallet address, password or sensitive document), the malware intercepts the information and quickly replaces it with the attacker’s data.
  2. Web exploits (PasteJacking): Malicious scripts embedded on compromised websites can be designed to detect when a user copies text from that page. When you perform a copy action, the script may automatically replace the copied content with malicious code or a different link before you even paste it. For example, a website might display “copy this harmless text”, but when you copy it, the script actually puts a malicious command in the clipboard. When you then paste it into a terminal or a Run box, you are executing the attacker’s code.
  3. Phishing attacks: Phishing emails or messages can direct users to malicious websites or trick them into downloading attachments that install clipboard hijacking malware.
  4. Browser extensions: Some malicious browser extensions may have permissions to access and manipulate data in your clipboard.

Examples of clipboard hijacking:

  • Cryptocurrency theft: This is a very common target. A user copies a legitimate cryptocurrency wallet address to send funds. The clipboard hijacker replaces this address with the attacker’s wallet address. When the user pastes and confirms the transaction, the money is sent to the attacker without the user’s knowledge.
  • Credential stealing: Attackers can replace copied login credentials (usernames, passwords) or financial details (credit card numbers) with their own, or steal the original data as it passes through the clipboard.
  • Malware installation: Attackers can use fake CAPTCHA pages or other social engineering tactics to trick users into copying malicious PowerShell commands or scripts to their clipboard. The user is then instructed to paste this “verification code” into a command prompt or a Run box, unwittingly executing the malware.
  • Spreading malicious links: A legitimate copied link could be replaced with a link to a phishing site, a malware download, or a site spreading fake news.

The dangers of clipboard hijacking

  • Financial losses: Especially prevalent in cryptocurrency transactions.
  • Identity theft: Stolen login credentials and personal data can lead to account takeover.
  • Malware infection: Unintentional execution of malicious code on your system.
  • Data compromise: Sensitive information copied to clipboard can be stolen.
  • Difficulty in detection: These attacks are often invisible, with few visible signs of interference, making them hard to detect until it’s too late.

How to prevent clipboard hijacking

  • Use a reputable antivirus/anti-malware: To prevent a clipboard hijacking attack, keep your security software up-to-date and run regular scans to detect and remove malicious programs.
  • Be cautious with downloads and links: Download software only from official sources and avoid clicking suspicious links or attachments in emails.
  • Keep your software up-to-date: Regularly update your operating system, web browsers and all other programs to fix known vulnerabilities that attackers could exploit.
  • Check pasted content: This is crucial, especially for sensitive information such as cryptocurrency addresses or financial details. Always visually check that what you are about to paste is really what you copied.
  • Limit copying sensitive information: If possible, avoid copying highly sensitive data (such as passwords) to the clipboard. Use a secure password manager that automatically fills in credentials instead of copying and pasting them manually.
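The “check pasted content” advice can be automated. The following is an added example, not part of the original article: it compares what you meant to copy with what actually arrived, and flags the two PasteJacking signs described earlier (a swapped value and extra command lines). The function name, finding labels and sample strings are all constructed for illustration.

```python
import unicodedata


def inspect_paste(intended: str, pasted: str) -> list[str]:
    """Return findings describing how `pasted` deviates from `intended`.

    An empty list means the pasted text is exactly what was intended.
    """
    findings = []

    # A line break in text pasted into a terminal submits the line
    # immediately, before the user has a chance to read it.
    if "\n" in pasted or "\r" in pasted:
        findings.append("contains-newline")

    # Unicode control (Cc) and format (Cf) characters, e.g. zero-width
    # spaces, do not show up when the text is checked by eye.
    if any(unicodedata.category(c) in ("Cc", "Cf") and c not in "\r\n\t"
           for c in pasted):
        findings.append("hidden-characters")

    if pasted != intended:
        # Index of the first differing character (or the shorter length
        # when one string is a prefix of the other).
        idx = next((i for i, (a, b) in enumerate(zip(intended, pasted))
                    if a != b), min(len(intended), len(pasted)))
        findings.append(f"mismatch-at-{idx}")
        # Same length and same first/last four characters: a quick glance
        # at the ends would not catch this, only a full comparison does.
        if (len(pasted) == len(intended) and pasted[:4] == intended[:4]
                and pasted[-4:] == intended[-4:]):
            findings.append("same-ends")

    return findings


if __name__ == "__main__":
    # Constructed sample values, not real wallet addresses or commands.
    samples = [
        ("WALLET-EXAMPLE-7f3a9c21-END", "WALLET-EXAMPLE-7f3a9c21-END"),
        ("WALLET-EXAMPLE-7f3a9c21-END", "WALLET-EXAMPLE-0000ffff-END"),
        ("echo hello", "echo hello\necho second\n"),
    ]
    for intended, pasted in samples:
        print(repr(pasted), "->", inspect_paste(intended, pasted) or "ok")
```

To use it, paste into a plain text editor or a script like this first, and only continue when the findings list is empty.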
