"Don't Copy-Paste Commands From Web Pages — You Can Get Hacked"
Gabriel Friedlander, the founder of the security awareness training platform Wizer, has demonstrated that copying and pasting commands from web pages into a console or terminal can put one's system at risk of getting hacked. Whether they are beginners or experts, developers will often copy commonly used commands from a web page such as Stack Overflow and then paste them into their Windows command prompt, Linux terminal, or other application. However, Friedlander has found that a web page could covertly replace the contents of what goes on a user's clipboard, thus changing what is copied to something vastly different from what the user wanted to copy. The developer may only realize the mistake after pasting the text, at which point it could be too late.

Friedlander published a proof-of-concept (POC) on his blog in which he asked readers to copy a simple command that is familiar to most system administrators and developers. When the command is pasted into a text box or Notepad, the result is a completely different command with a newline (or return) character at the end of it, meaning it would execute when it is pasted directly into a Linux terminal. Those who paste the text from Friedlander's blog may think they just copied the "sudo apt update" command used to fetch updated information on software installed on a system, but it is actually something different.

This article continues to discuss Friedlander's findings regarding the possibility of getting hacked by copying and pasting commands from web pages into a console or terminal.
Bleeping Computer reports "Don't Copy-Paste Commands From Web Pages — You Can Get Hacked"
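
As an added example (not code from Friedlander's proof-of-concept or from the Bleeping Computer article), the JavaScript check below compares the text a user selected with what the clipboard actually holds and flags the trailing newline that would make a terminal run the paste immediately. The function names and the clipboard sample are constructed for illustration.

```javascript
// Added example: review clipboard text before it reaches a shell.
// `expected` is what the user believes was copied (the text shown on the page);
// `actual` is what the clipboard really contains.
function inspectPaste(expected, actual) {
  const findings = [];
  if (actual !== expected) {
    findings.push("clipboard text differs from the text that was selected");
  }
  // A trailing CR/LF acts as the Enter key when pasted into a terminal.
  if (/[\r\n]$/.test(actual)) {
    findings.push("ends with a newline: a terminal would execute it on paste");
  }
  // Newlines before the end mean several commands would run in sequence.
  const body = actual.replace(/[\r\n]+$/, "");
  if (/[\r\n]/.test(body)) {
    findings.push("contains more than one line");
  }
  // Other control characters (tab, CR and LF excluded) never belong in a
  // command copied from a web page.
  if (/[\u0000-\u0008\u000b\u000c\u000e-\u001f\u007f]/.test(actual)) {
    findings.push("contains non-printing control characters");
  }
  return findings;
}

// Show control characters as \xNN so the text can be read before it is run,
// the same effect as pasting into a text editor first.
function visible(text) {
  return text.replace(/[\u0000-\u001f\u007f]/g, (c) =>
    "\\x" + c.charCodeAt(0).toString(16).padStart(2, "0"));
}

// Constructed sample data: the command displayed on the page, and a harmless
// stand-in for the replaced clipboard contents (not the payload from the POC).
const SHOWN = "sudo apt update";
const CONSTRUCTED_CLIPBOARD = "echo constructed-sample-not-from-the-page\n";

console.log(visible(CONSTRUCTED_CLIPBOARD));
for (const finding of inspectPaste(SHOWN, CONSTRUCTED_CLIPBOARD)) {
  console.log("WARNING: " + finding);
}
```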