Skip to main content


Home Clipboard hijacking attack

Clipboard hijacking attack

Clipboard hijacking attack definition

A clipboard hijacking attack is when malicious software secretly intercepts and modifies the information you copy and paste on your device (e.g., computer). Attackers can carry out these attacks in many ways, from exploiting vulnerabilities in the device’s operating system to using a malicious script. Often, clipboard hijacking attacks involve using a trojan or malware. Attackers may disguise the malicious program as a legitimate application, which users download unknowingly from a phishing site or email.

See also: copy-paste compromise

The dangers of clipboard hijacking attacks

  • Attackers may gain access to your accounts or sensitive information.
  • Your confidential data, such as passwords or financial details, can be stolen.
  • Malicious parties can use stolen information to impersonate you.
  • Stolen data can lead to you losing money.
  • Hijacked credentials may allow attackers to take control of your online accounts.
  • A breach can sometimes harm your online reputation and trustworthiness.
  • Clipboard hijacking can expose your device to further malware or security threats.
  • Attackers can modify information before pasting it, leading to confusion or errors.
  • Depending on the stolen data, there may be legal consequences.

Malware used for clipboard hijacking attacks

  • TrickBot. Attackers use this trojan to steal sensitive information (like credit card details and login credentials).
  • Zeus Panda. Zeus Panda is a banking trojan cybercriminals use to steal login credentials.
  • Clipboard Ghost. This clipboard-hijacking malware intercepts data being copied and replaces it with a malicious link or code.

How to prevent a clipboard hijacking attack

  • Use reliable antivirus software to help keep out malware.
  • Be careful when downloading software, and only use trustworthy sources.
  • Keep your operating systems and software up to date.
  • Clear your clipboard regularly to remove sensitive information.