Now what most people don’t know is that websites can insert arbitrary text when you copy stuff of them. A malicious site will abuse that.
It works like that:
You follow a tutorial online or search for a code snippet. You copy some code/said snippet and paste it into a terminal or the browser command line. This copied text is altered by the site to be a one line command to install malware or grab passwords or cookies. All of that is followed by a line break and maybe your real command to lower suspicion.
Some of the terminal or browser shells interpret a line break in the copied text as enter which then executes the command.
To prevent that, get a shell, that doesn’t just execute what you paste (fish shell) or a terminal program, that warns you about line breaks (Moba xterm).
And please check text from unknown sites before pasting it into a program that may execute it right away. (Just paste it into a text editor or look at your clipboard manager like Win+V in windows)
Now what most people don’t know is that websites can insert arbitrary text when you copy stuff of them. A malicious site will abuse that.
It works like that:
You follow a tutorial online or search for a code snippet. You copy some code/said snippet and paste it into a terminal or the browser command line. This copied text is altered by the site to be a one line command to install malware or grab passwords or cookies. All of that is followed by a line break and maybe your real command to lower suspicion.
Some of the terminal or browser shells interpret a line break in the copied text as enter which then executes the command.
To prevent that, get a shell, that doesn’t just execute what you paste (fish shell) or a terminal program, that warns you about line breaks (Moba xterm).
And please check text from unknown sites before pasting it into a program that may execute it right away. (Just paste it into a text editor or look at your clipboard manager like Win+V in windows)
Great info. Thank you!