Pastejacking Attack Appends Malicious Terminal Commands To Your Clipboard

An anonymous reader writes: "It has been possible for a long time for developers to use CSS to append malicious content to the clipboard without a user noticing and thus fool them into executing unwanted terminal commands," writes Softpedia. "This type of attack is known as clipboard hijacking, and in most scenarios, is useless, except when the user copies something inside their terminal." Security researcher Dylan Ayrey published a new version of this attack last week, which uses only JavaScript as the attack medium, giving the attack more versatility and making it now easier to carry out. The attack is called Pastejacking and it uses Javascript to theoretically allow attackers to add their malicious code to the entire page to run commands behind a user's back when they paste anything inside the console. "The attack can be deadly if combined with tech support or phishing emails," writes Softpedia. "Users might think they're copying innocent text into their console, but in fact, they're running the crook's exploit for them."

We expect better effort next time.

[downright]

Millennial hackers just don't try very hard.

Re:Misfeature

[johannesg]

Disable javascript and CSS. Then disable the clipboard and the graphical environment. Then format your harddisk, take apart your PC, and throw every part into a fire. It will hurt as they burn, but at least you will be still alive.

Seriously, what sort of shitty advise is "disable javascript and CSS"? Might as well tell people to only ever browse with Lynx. Which basically means 'giving up on the world wide web as a whole'. That seems a rather drastic solution for working around a very, very minor problem in the first place. For one thing, if you run Windows none of this is a problem, so 99% of the worlds' population is already safe by default...