The adversary exploits an application that allows for the copying of sensitive data or information by collecting information copied to the clipboard. Data copied to the clipboard can be accessed by other applications, such as malware built to exfiltrate or log clipboard contents on a periodic basis. In this way, the adversary aims to garner information to which they are unauthorized.
Description
Attack Execution Flow
3
1
Step 1
Explore[Find an application that allows copying sensititve data to clipboad] An adversary first needs to find an application that allows copying and pasting of sensitive information. This could be an application that prints out temporary passwords to the screen, private email addresses, or any other sensitive information or data
AI Translation
[Trova un'applicazione che consenta di copiare dati sensibili negli appunti] Un avversario deve prima individuare un'applicazione che permetta di copiare e incollare informazioni sensibili. Questo potrebbe essere un'applicazione che visualizza password temporanee sullo schermo, indirizzi email privati o qualsiasi altra informazione o dato sensibile
2
Step 2
Experiment[Target users of the application] An adversary will target users of the application in order to obtain the information in their clipboard on a periodic basic
Install malware on a user's system designed to log clipboard contents periodically
Get the user to click on a malicious link that will bring them to an application to log the contents of the clipboard
AI Translation
[Utenti target dell'applicazione] Un avversario mirerà agli utenti dell'applicazione al fine di ottenere le informazioni presenti negli appunti su base periodica
Installare malware sul sistema di un utente progettato per registrare periodicamente i contenuti degli appunti
Indurre l'utente a cliccare su un link dannoso che lo reindirizzerà a un'applicazione per registrare i contenuti degli appunti
Attack Techniques
-
Get the user to click on a malicious link that will bring them to an application to log the contents of the clipboard
-
Install malware on a user's system designed to log clipboard contents periodicallyIT: Indurre l'utente a cliccare su un link dannoso che lo indirizzerà a un'applicazione per registrare il contenuto degli appunti.
3
Step 3
Exploit[Follow-up attack] Use any sensitive information found to carry out a follow-up attack
AI Translation
[Attacco di follow-up] Utilizzare qualsiasi informazione sensibile trovata per eseguire un attacco di follow-up
Mitigations
2
Employ A Robust Identification And Audit/Blocking Via Using An Allowlist Of Applications On Your System. Malware May Contain The Functionality Associated With This Attack Pattern.
While Copying And Pasting Of Data With The Clipboard Is A Legitimate And Practical Function, Certain Situations And Context May Require The Disabling Of This Feature. Just As Certain Applications Disable Screenshot Capability, Applications That Handle Highly Sensitive Information Should Consider Disabling Copy And Paste Functionality.
Consequences
Security Scopes Affected
Confidentiality
Potential Impacts
Read Data
Relationships
Parent CAPECs
Related ATT&CK Techniques
1
T1115
Clipboard Data
Adversaries may collect data stored in the clipboard from users copying information within or between applications. For example, on Windows …