Description
The Clipboard Access feature in malware allows attackers to surreptitiously monitor and manipulate the clipboard content on a compromised system. Given that users often copy and paste sensitive information like passwords, financial details, or confidential text, this function serves as a valuable eavesdropping tool. The malware can either passively collect data from the clipboard or actively alter its content, depending on the attacker's objectives. For example, in the context of cryptocurrency, the malware could replace a copied wallet address with one belonging to the attacker, thereby redirecting funds. Clipboard Access not only enables an additional layer of data harvesting but also opens doors for more specialized kinds of attacks, offering a nuanced yet potent avenue for compromising system integrity and user security.
| Categories | Credentials, Exfiltration |
| Dangerousness | High |
Existing Techniques
| Name | Associated Feature(s) | Has Snippet | Matching Sample |
|---|---|---|---|
| Clipboard Content Reading | Clipboard Manager, Password Recovery | 0 | |
| Clipboard Content Writing | Clipboard Manager | 0 | |
| Clipboard Disabling | Clipboard Manager, Fun / Troll Functions | 0 | |
SubSeven 2.1
SubSeven 2.1.1 GOLD edition
SubSeven 2.1.2 M.U.I.E
SubSeven 2.1.3 BONUS
SubSeven 2.1.4 DEFCON 8
Y3K rat 1.5
SubSeven 2.2
Y3K rat 1.6 MS
Net-Devil 1.5
Beast 1.8
MoSucker 3.0b
Beast 1.90
Turkojan 1.0
Beast 1.91
Beast 1.92
SubSeven 2.1.5 Legends
CIA 1.0
CIA 1.1
Beast 2.00
Beast 2.01
CIA 1.2
Beast 2.05
Beast 2.02
Nuclear RAT 1.0 Beta 5
Beast 2.06
ProRat 1.4
ProRat 1.6
ProRat 1.8
Infector NG 2004 2.1.0
Beast 2.07
CIA 1.3
ProRat 1.9
Turkojan 3.0
Bandook 1.35
Nuclear RAT 2.1.0
Turkojan 4
Turkojan 4.0
sharK 3.1 fwb++
Lost Door 3.0 Stable
PrjRAPTOR 1.8
Cerberus 1.0 Beta
Cerberus 1.01 Beta
Cerberus 1.02 Beta
Apocalypse RAT 1.4
Cerberus 1.03.4
Spy-Net 2.6
DarkComet RAT 1.3
Cerberus 1.03.5 Beta
DarkComet RAT 2.0 RC4
CyberGate 1.04.8