Be careful what you copy from a website! They could hack you

Danger of copying code from a website

There are many security threats that we can find when browsing the Internet. Sometimes simply by downloading a file we can see how our passwords are stolen or an attacker gains access to our system. In this article we echo a new method, a new problem, in which a user can be hacked if copy and paste website commands.

Copying commands from a website is dangerous

It is common for programmers or sysadmins and general techies to copy and paste commands from websites into a terminal. It’s common and, on paper, it shouldn’t present any danger. However, a group of security researchers has shown that this is not always the case and can be a strategy for hackers.

It’s about a simple trick in which an attacker can sneak malicious code, which is apparently harmless, so that anyone who copies it and runs it later in the terminal, becomes infected. That website could secretly replace the content that we have copied to the clipboard. This changes what we think we have copied.

The victim, the person who copies that code on a web page, you could only tell by pasting that command. But of course, this could be too late. You could even have already run that code in the terminal. It is a strategy that can easily go unnoticed.

This group of security researchers created a proof of concept to prove his theory. They saw that just by copying a simple command, you can change it by pasting it into a Notepad or any text app. They showed that the command can be different and even contain new lines.

If a user uses Linux, the command will be executed simply by pasting it in the terminal. This would leave the victim with no reaction time to prevent the attack from taking place.

Attacks through hidden code

Hidden JavaScript code

They indicate that this may occur due to JavaScript code hidden behind an HTML page. What it does is capture what we copy and replace it with other code on the clipboard. All this, as we say, without the victim being able to see it. This is precisely what makes it a dangerous attack.

These same security researchers indicate that we should never copy code directly from a web page and paste them into the terminal. It is essential to analyze the code very well before executing it. It is as easy as an attacker adding a line that is capable of modifying the content and carrying out a cyber attack.

On the other hand, another user also showed how it is possible to add invisible text that is copied next to the parts that are visible. To avoid this problem, what they recommend is to first paste the text into an application such as Notepad and, in this way, be able to analyze it before executing any command.

In short, you should never trust a command that you have copied from a web page. It could contain malicious code without your knowledge. This makes it necessary to take action and first paste it into a text document for analysis.

The article Be careful what you copy from a website! They could hack you was published in RedesZone.

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *