Ctrl C + Ctrl V is the unsung hero of every programmer and sysadmin out there: an elementary, universal keyboard combination built into the core of every OS ecosystem.
I have used it as second nature, and you have too. Nothing to see here?
Or so it seems.
An oh-so-harmless sequence of Ctrl C + Ctrl V can now kick you out of control of your own machine.
How It Happens
Malicious sites have weaponized code boxes to carry out covert malware attacks on unsuspecting users who copy and paste the malicious code snippets into the terminal.
You copy a seemingly harmless command snippet like sudo apt-get update, which, naturally, should update your repositories.
Instead, what actually lands in your clipboard is malicious, auto-executing shell code, possibly even a beacon that can be leveraged to deliver some form of malware: RAT, ransomware, you name it.
The very moment you paste that snippet into your shell, it triggers a chain of commands (as per its design) and infects your system, potentially even locking you out of it.
Some payloads go as far as obfuscating or hiding command output, so you won't even be able to tell what hit you.
To sum it up in layman's terms, if you are not vigilant, you can now end up hacking yourself by copy-pasting commands.
Technique, Tactic, Procedure
The crux of this trap is masking the malicious code underneath a cloak of an absolutely regular-looking string of text.
A threat actor can orchestrate this attack in two prominent ways:
- Injecting a CSS layer to cloak the payload underneath a genuine-looking command.
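The check below is an added example, not code from the original article: it compares the command a reader saw on the page with what the clipboard actually holds and reports the traits described above (a swapped string, a newline that runs the text on paste, invisible characters, chained commands, silenced output). The function name inspect_paste and both sample strings are assumptions constructed for illustration.

```python
import unicodedata

# Hypothetical helper; the sample strings at the bottom are constructed.
SEPARATORS = (";", "&&", "||", "|", "`", "$(")


def inspect_paste(visible: str, clipboard: str) -> list[str]:
    """Compare what the page showed with what the clipboard holds."""
    findings = []
    if clipboard != visible:
        findings.append("mismatch: clipboard differs from the text shown on the page")
    if "\n" in clipboard or "\r" in clipboard:
        findings.append("newline: the shell runs the text the moment it is pasted")
    # Cc = control characters (ESC, backspace), Cf = zero-width and bidi marks.
    hidden = sorted({f"U+{ord(c):04X}" for c in clipboard
                     if unicodedata.category(c) in ("Cc", "Cf") and c not in "\n\r\t"})
    if hidden:
        findings.append("invisible: " + ", ".join(hidden))
    if any(sep in clipboard for sep in SEPARATORS):
        findings.append("chaining: more than one command in the pasted text")
    words = clipboard.replace(";", " ").split()
    if "/dev/null" in clipboard or {"clear", "reset"} & set(words):
        findings.append("silencing: output is discarded or the screen is cleared")
    return findings


VISIBLE = "sudo apt-get update"
# Constructed stand-in for a swapped clipboard; the echo is a harmless placeholder.
SWAPPED = "echo constructed-placeholder >/dev/null 2>&1; clear\nsudo apt-get update\n"

if __name__ == "__main__":
    for finding in inspect_paste(VISIBLE, SWAPPED):
        print(finding)
```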
How to Avoid Getting Hacked