Yes - for example https://github.com/slyd0g/SharpClipboard
This is designed to work with Cobalt Strike, which is a tool used by security testers (i.e. red teams), but also by real-life adversaries.
Lots of results when I google 'wayland clipboard manager' - here's the first:
https://github.com/yory8/clipman
> isn't securing this one major IMO attack vector an improvement over not doing anything about it?
Unfortunately securing this attack vector is costly - in the sense of annoying the user with prompts and access grants.
This is why even on mobile as you noticed, only browsers require user confirmation before allowing webpages access to the clipboard.
You could maybe do something in between, like not allowing clipboard access to processes which don't have a foreground window visible to the user.
But in practice, this attack vector is not exploited. If you are targeted, it's much more likely that a specific attack against the password manager is used, since it will extract ALL passwords, and not need to wait for one to show up:
> KeeFarce allows for the extraction of KeePass 2.x password database information from memory. The cleartext information, including usernames, passwords, notes and url's are dumped into a CSV file in %AppData%
https://github.com/denandz/KeeFarce