Considering mobile users often use the clipboard to copy and paste sensitive information, like passwords or payment information, clipboard contents can be an attractive target for cyberattacks. Leveraging clipboards can enable attackers to collect target information and exfiltrate useful data. Examples even exist of attackers hijacking and replacing the clipboard contents for malicious purposes, such as modifying a copied cryptocurrency wallet address before the user pastes it into a crypto wallet app or chat message. Moreover, these types of attacks misuse a legitimate system feature rather than exploit a vulnerability, making the issue more challenging to mitigate.
Microsoft discovered that an old version of the SHEIN Android application periodically read the contents of the Android device clipboard and, if a particular pattern was present, sent the contents of the clipboard to a remote server.
Source: Microsoft Threat Intelligence