Copy-pasting commands into your terminal allows attackers to append, automatically execute and then hide malicious code.
This type of attack is known as clipboard hijacking, and in most scenarios, it is useless, except when the user copies something inside their terminal.
Called Pastejacking, his proof-of-concept attack works the same way older CSS-based exploits do, but with a twist.
“What’s different about this is the text can be copied after an event, it can be copied on a short timer following an event, and it’s easier to copy in hex charecters into the clipboard, which can be used to exploit VIM,” Ayrey explained.
Ayrey even includes a demo where the attacker runs their malicious code, clears the console, and then appends the code the user copied, making them believe nothing happened.
The attack can be deadly if combined with tech support pages or phishing emails. Users might think they’re copying innocent text into their console, but in fact, they’re running the crook’s exploit for them.
Because terminal commands are automatically executed, the user doesn’t even have to press Enter to run the malicious code, CTRL+V being enough.
For example, someone looking for tips on cmd.exe commands could copy-paste code he found online in tutorial articles, but the malicious party behind that particular site could be appending tens of lines of malicious code that downloads malware from an online source and installs it on his computer. All of this can happen silently, without the user noticing anything.
Working as a cyber security solutions architect, Alisa focuses on application and network security. Before joining us she held a cyber security researcher positions within a variety of cyber security start-ups. She also experience in different industry domains like finance, healthcare and consumer products.