Home > Emerging Threats, Malwares > Clipboard Hijacking

Clipboard Hijacking

Couple of weeks ago, Ryan Naraine posted this blog article “Adobe Flash ads launching clipboard hijack attack” which mentions that this threat is cross platform, affecting Windows, Linux and Mac OS X users.

The latest post in Apple Discussion relating to this threat describes:

“my keyboard appears to be taken over and things are typed either in the chat box or in Safari, or basically in any app that is open.”

So, what’s happening here? I curiously investigated the proof-of-concept published by Security researcher Aviv Raff. **The link will automatically execute the code and automatically hijacks your clipboard**

The file responsible for clipboard hijacking is in a Shockwave flash file (.SWF) format. Since most of websites are implementing flash, you can’t imagine how nasty it can go if this threat will get in-the-wild.

Base from the proof-of-concept, the malicious activity was implemented using ActionScript contained in DoABC tag. As far as I understand, the malicious code does not exploit any vulnerability instead it uses a legitimate class linkages, which imports a SymbolClass “test_fla.mainTimeline”.

It’s 1:33am, I’ll update further my analysis tomorrow. Btw, there’s another report but this time, it’s Browser Hijacking, I suppose that this was implemented in SWF as well.

For the meantime, if you’re going to browse and surf the net, please make sure to disable Java, Java Script in Safari Preferences under Security Tab to avoid this threat.

Stay safe online!

  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: