starbuck
Posted May 24, 2016

Copy-pasting commands into your terminal allows attackers to append, automatically execute and then hide malicious code

It has been possible for a long time for developers to use CSS to append malicious content to the clipboard without a user noticing and thus fool them into executing unwanted terminal commands.

This type of attack is known as clipboard hijacking, and in most scenarios, it is useless, except when the user copies something inside their terminal.

Security researcher Dylan Ayrey published last week a new version of this attack, which uses only JavaScript as the attack medium, not CSS.

Called Pastejacking, his proof-of-concept attack works the same way older CSS-based exploits do, but with a twist.

"What's different about this is the text can be copied after an event, it can be copied on a short timer following an event, and it's easier to copy in hex characters into the clipboard, which can be used to exploit VIM," Ayrey explained.

JavaScript makes this attack harder to spot and harder to stop

JavaScript is a lot more powerful and versatile when compared to CSS, and this shows immediately. While in the CSS exploit the user had to copy-paste the entire malicious text, with JavaScript things are a lot trickier.

Users don't even need to select the whole malicious text. One character is enough.

Theoretically, an attacker could add their malicious Pastejacking JavaScript code to the entire page, and when you paste anything inside the console, they could sneakily run commands behind your back.

Ayrey even includes a demo where the attacker runs their malicious code, clears the console, and then appends the code the user copied, making them believe nothing happened.

The attack can be deadly if combined with tech support pages or phishing emails. Users might think they're copying innocent text into their console, but in fact, they're running the crook's exploit for them.

Because terminal commands are automatically executed, the user doesn't even have to press Enter to run the malicious code, CTRL+V being enough.

Source: http://news.softpedia.com/news/pastejacking-attack-overrides-your-clipboard-to-trick-you-into-running-evil-code-504420.shtml
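
A defensive check for the behaviour described in the post, added here as an example (it is not code from Ayrey's proof of concept or from the article): it inspects clipboard text before it reaches a terminal and flags the line breaks that make a shell execute on paste, plus control characters such as ESC that editors like Vim act on. The function names and the sample strings are assumptions constructed for illustration.

```python
import unicodedata

# Pasting CR or LF into a shell acts like pressing Enter.
EXECUTES_ON_PASTE = {"\n", "\r"}


def inspect_paste(text):
    """Check text copied from a web page before it reaches a terminal.

    Returns (findings, visible): findings is a list of (offset, kind, codepoint)
    tuples; visible is the text with every flagged character spelled out.
    """
    findings, visible = [], []
    for offset, ch in enumerate(text):
        if ch in EXECUTES_ON_PASTE:
            kind = "line-break"
        elif ch != "\t" and unicodedata.category(ch) == "Cc":
            kind = "control"  # e.g. ESC (0x1b), which terminals and editors interpret
        else:
            visible.append(ch)
            continue
        findings.append((offset, kind, "0x%02x" % ord(ch)))
        visible.append("<0x%02x>" % ord(ch))
    return findings, "".join(visible)


def safe_to_paste(text):
    """True only if the text is a single line with no control characters."""
    findings, _ = inspect_paste(text)
    return not findings


# Constructed samples: what the user believes was copied, and what a page
# script could have placed on the clipboard instead.
EXPECTED = "echo hello"
CONSTRUCTED_CLIPBOARD = "echo hidden-command\nclear\necho hello"
CONSTRUCTED_WITH_ESC = "some text\x1bplaceholder"

if __name__ == "__main__":
    for sample in (EXPECTED, CONSTRUCTED_CLIPBOARD, CONSTRUCTED_WITH_ESC):
        findings, visible = inspect_paste(sample)
        print("BLOCK" if findings else "SAFE ", visible)
        for offset, kind, code in findings:
            print("      offset %d: %s %s" % (offset, kind, code))
```

Pasting into a plain text editor first and reading the result gives the same visibility by hand: any extra lines show up before a shell ever sees them.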