Hello, welcome to the Monday, September 14th, 2020 edition of the Sansonet Storm Center's

Stormcast. My name is Johannes Ulrich, and today I'm recording from Jacksonville, Florida.

In diaries from this weekend, we got an interesting one by Rob about pillaging the clipboard. Of course, a lot of users are copy-pasting strings,

in particular hard-to-type ones like complex passwords. So Malware certainly has caught onto this

for a while now and tends to monitor the clipboard and then steal certain strings from the clipboard.

They have also been some cases where malware was looking for example for Bitcoin addresses,

which is another string that's often copy-pasted.

In this case, the goal wasn't so much to steal the address. That's the

public part, but instead modifying the address. So then the victim would inadvertently

send Bitcoins to the wrong account. From a defensive point of view, there isn't really that much

a user can do about all of this other than, well, not getting infected with Malver in the first

place. On the other hand, a lot of password managers, for example, try to keep the data on

the clipboard limited. I know the one password

manager I'm using. Now, that's on macOS. They'll automatically delete a password after

it's being pasted. Also delete them after a certain amount of seconds have been passed.

Now, Rob talks a little bit about this in Windows and states that this is not necessarily

always working as intended.

In particular, if you enable the clipboard history.

In this case, when software tries to override, meaning delete the clipboard, they're actually adding a new

empty entry to the clipboard history, which in some ways is sort of the intention behind this feature

in Windows. Also, a couple good user comments about this particular diary by Rob. And just one comment

from me, the fact that you can steal the clipboard if you have malware running on the system,

...