Shein Android

An older version of Shein's Android application suffered from a bug that periodically captured and transmitted clipboard contents to a remote server.

The Microsoft 365 Defender Research Team said it discovered the problem in version 7.9.2 of the app that was released on December 16, 2021. The issue has since been addressed as of May 2022.

Shein, originally named ZZKKO, is a Chinese online fast fashion retailer based in Singapore. The app, which is currently at version 9.0.0, has over 100 million downloads on the Google Play Store.


The tech giant said it's not "specifically aware of any malicious intent behind the behavior," but noted that the function isn't necessary to perform tasks on the app.

Shein Android App

It further pointed out that launching the application after copying any content to the device clipboard automatically triggered an HTTP POST request containing the data to the server "api-service[.]shein[.]com."

To mitigate such privacy risks, Google has further made improvements to Android in recent years, including displaying toast messages when an app accesses the clipboard and barring apps from getting the data unless it is actively running in the foreground.

Fight AI with AI — Battling Cyber Threats with Next-Gen AI Tools

Ready to tackle new AI-driven cybersecurity challenges? Join our insightful webinar with Zscaler to address the growing threat of generative AI in cybersecurity.

Supercharge Your Skills

"Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks," researchers Dimitrios Valsamaras and Michael Peck said.

"Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data."

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.