• Black616Angel@feddit.de
    link
    fedilink
    arrow-up
    6
    ·
    10 months ago

    Now what most people don’t know is that websites can insert arbitrary text when you copy stuff of them. A malicious site will abuse that.

    It works like that:

    You follow a tutorial online or search for a code snippet. You copy some code/said snippet and paste it into a terminal or the browser command line. This copied text is altered by the site to be a one line command to install malware or grab passwords or cookies. All of that is followed by a line break and maybe your real command to lower suspicion.

    Some of the terminal or browser shells interpret a line break in the copied text as enter which then executes the command.

    To prevent that, get a shell, that doesn’t just execute what you paste (fish shell) or a terminal program, that warns you about line breaks (Moba xterm).
    And please check text from unknown sites before pasting it into a program that may execute it right away. (Just paste it into a text editor or look at your clipboard manager like Win+V in windows)