KlipboardSpy

Posted: February 26, 2020

KlipboardSpy Description

KlipboardSpy is proof-of-concept spyware that demonstrates a text-copying vulnerability in iOS devices, such as smartphones. Although its author hasn't designed it with wild distribution in mind, threat actors may hijack this program and deploy it to cause harm. Users can protect themselves with anti-malware software for removing KlipboardSpy from their devices and being cautious about their interactions with the copy-and-paste feature.

Showing Off OS Weaknesses with Public Spying

Although Apple has a reputation for its distinctive walled garden philosophy towards security, that strategy has drawbacks – such as limiting the threat mitigation options that are available to the company's customers. A recent demonstration of the company's implementation of the copy-and-paste feature in two mobile device OSes provides clear examples of how criminals can take advantage of such an environment, with little for victims to do about it. KlipboardSpy, while not meant for live attacks, is a high-visibility demonstration of collecting device data that's 'out in the open.'

KlipboardSpy is a PoC or proof-of-concept spyware program that demonstrates the vulnerabilities elaborated upon by security researchers. Apple's implementation of the text copy-and-paste feature for all builds of iOS and iPadOS 13.3 leaves any clipboard-stored data, such as a link or a password, unprotected from access from virtually any other application. Apple considers the vulnerability as a non-issue due to the requirement of the application being in the foreground, and, therefore, visible to users.

However, KlipboardSpy, which is specific to iOS, circumvents this issue by loading a widget, KlipSpyWidget. Through this simple method, the second component harvests clipboard information whenever the device is on the home screen, which KlipboardSpy receives whenever the main app opens. Although researchers suggest various means of blocking these attacks, such as developing clipboard-specific permissions prompts, Apple has yet to take any action.

Erring on the Side of Caution with Spyware, White Hat or Otherwise

KlipboardSpy is 'White Hat' spyware that's not part of an illicit industry for harvesting data or making money off of its attacks. However, the distinguishment between White and Black Hat software can become blurry, if threat actors gain access to the source code of a third-party program. Hidden Tear, the Turkish file-locking Trojan, remains one of the most long-abiding examples showing how pure and educational intentions can become twisted into an unsafe part of the threat landscape.

All iOS users should respond to the non-consensual presence of KlipboardSpy as if it were any similar spyware, such as the Exodus malware. Malware experts can recommend some simple defenses against it, for now:

  • Users can 'flush' their clipboards by copying unimportant text immediately after copying sensitive content like passwords.
  • Current builds of KlipboardSpy are dependant on their widgets for stealing data without the app's being open. Users can always check which widgets are running by swiping right on their home screen or viewing the Notification Center.
  • Mobile devices not running iOS or iPadOS 13.3 aren't at risk, and so users may switch to other OSes as preferable for their safety.

Since Apple is taking no current actions against the now publicly known vulnerabilities, users should keep any relevant anti-malware services up-to-date for the removal of KlipboardSpy if it ever gets out into the wild.

The idea of locking down an operating system totally is more of an ideal than a reality, even for Apple. KlipboardSpy shows that it doesn't take a lot of effort to scale those garden walls – and that there are lucrative fruits for collecting after the exertion.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to KlipboardSpy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Use SpyHunter to Detect and Remove PC Threats

If you are concerned that malware or PC threats similar to KlipboardSpy may have infected your computer, we recommend you start an in-depth system scan with SpyHunter. SpyHunter is an advanced malware protection and remediation application that offers subscribers a comprehensive method for protecting PCs from malware, in addition to providing one-on-one technical support service.

Download SpyHunter's Malware Scanner

Note: SpyHunter's free version is only for malware detection. If SpyHunter detects malware on your PC, you will need to purchase SpyHunter's malware tool to remove the malware threats. Learn more on SpyHunter. If you would like to uninstall SpyHunter for any reason, please follow these uninstall instructions. To learn more about our policies and practices, visit our EULA, Privacy Policy and Threat Assessment Criteria.

Why can't I open any program including SpyHunter? You may have a malware file running in memory that kills any programs that you try to launch on your PC. Tip: Download SpyHunter from a clean computer, copy it to a USB thumb drive, DVD or CD, then install it on the infected PC and run SpyHunter's malware scanner.

Leave a Reply

Please note that we are not able to assist with billing and support issues regarding SpyHunter or other products. If you're having issues with SpyHunter, please get in touch with SpyHunter customer support through your SpyHunter. If you have SpyHunter billing questions, we recommend you check the Billing FAQ. For general suggestions or feedback, contact us.