What does Open Drafts mean? - These are scripts for videos which have not been produced yet. Therefore any feedback (edit suggestions) is more likely to make it into the video, which is due to be produced soon.
There may be some inaccuracies in the Open Drafts.
Open Drafts should not be considered Documentation or factual statements until finalized.
Documentation for this is incomplete. Contributions are happily considered! See this for potential alternatives.
What does Finalized Drafts mean? - These drafts are not very useful to modify because the video has already been produced, pending upload. Unless there are critical issues, no changes will be recorded.
Vid #001 : OOPS! They tricked me to install MALWARE! Clipboard Hidden Text Attacks explained
We've all done it before, even if we're reluctant to admit it: we scour the internet for a quick code solution or terminal instruction, find a page, locate the code box, and without even thinking copy the code or, even more conveniently, click the copy button. Hastily we insert the text into our terminal and hit enter - only to realize ... there's something wrong. We just installed malware and corrupted our system.
Hopefully the last part didn't happen to you. But clipboard hidden text attacks are a common danger on the internet, although they're often overshadowed by phishing hidden text attacks. Nonetheless, they pose a real threat and should remind us not to get too comfortable copying text from unconfirmed sources on the internet, especially when it comes to our most sensitive systems.
First, let's have a look at phishing hidden text because that's what you will find first when you search the internet.
In recent years, phishing with hidden text and zero font attacks have become increasingly popular. Scammers use HTML emails and CSS to hide characters and bypass spam filters used by email providers. Typically, words that indicate major brand corporations would trigger heightened scrutiny of the email filter. However, by splitting up these words with hidden letters and characters, the spam filter can't recognize them. Unfortunately, the user can be tricked because they can't see this hidden obfuscation and only see the plain brand name meant to trick them.
Scammers also use a similar technique called clipboard hidden text attacks, often utilizing code boxes. They may have corrupted a website or created a mockup site to lure in unsuspecting victims who are eager to copy code from code boxes. The user sees the code they need in the code box, but once they click the copy button, a little bit more than just the code is copied to their clipboard – usually something malicious.
Once you insert this text into your terminal and hit enter or, worse, have your terminal auto-execute it, you're in trouble.
The good news is that this attack isn't very common and can easily be avoided if you are willing to sacrifice a tiny bit of convenience.
We highly recommend making this sacrifice because, for scammers, this attack is also very low risk and very convenient. So although the success rate might be fairly low, the effort is so low that they might as well try if they have the opportunity.
Here are four ways you can protect yourself:
1. Be vigilant every time you copy code from the internet, especially with regard to shell commands, and even more so if those commands grant superuser rights.
2. Never have your terminal set to automatically execute pasted commands. Find this option in your operating system or terminal settings and turn it off.
3. Consider using a clipboard manager, which is available on all operating systems, to check the actual content of your clipboard conveniently.
4. For high security, follow these six steps: (1) Copy the text into a graphical text editor first. (2) Read and understand all the commands. (3) Save the file as a local text file. (4) Scan this file for any malicious Unicode characters. (5) Only then copy the text from this local file, as the text editor may have automatically omitted some Unicode characters that were initially in your clipboard. (6) Now you can safely paste the command into the terminal and execute it.
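Step (4) can be done with a short script. The following is an added example, not part of the original script or of Kicksecure's own tooling; the function names and the policy of reporting everything outside tab and printable ASCII for manual review are assumptions made for this sketch.

```python
import sys
import unicodedata

# Categories that render as nothing or alter layout: Cc control (ESC, CR, backspace),
# Cf format (zero-width, bidi overrides), Co private use, Cn unassigned,
# Zl/Zp line and paragraph separators.
INVISIBLE_CATEGORIES = {"Cc", "Cf", "Co", "Cn", "Zl", "Zp"}


def scan_text(text):
    """Return (line, column, 'U+XXXX', name, kind) for every character to review."""
    findings = []
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            if ch == "\t" or " " <= ch <= "~":
                continue  # tab and printable ASCII are what a shell command normally contains
            cat = unicodedata.category(ch)
            if cat in INVISIBLE_CATEGORIES or cat == "Zs":
                kind = "invisible"  # includes non-breaking and other look-alike spaces
            else:
                kind = "non-ascii"  # visible, but may be a homoglyph of an ASCII letter
            name = unicodedata.name(ch, "<unnamed>")
            findings.append((lineno, col, f"U+{ord(ch):04X}", name, kind))
    return findings


def scan_file(path):
    # newline="" keeps carriage returns so they are reported instead of silently translated
    with open(path, encoding="utf-8", newline="") as fh:
        return scan_text(fh.read())


# Constructed sample: a zero-width space, a right-to-left override and a Cyrillic "a" look-alike.
SAMPLE = "sudo apt\u200b install curl\necho \u202esafe\nc\u0430t notes.txt\n"

if __name__ == "__main__":
    results = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for lineno, col, cp, name, kind in results:
        print(f"line {lineno}, col {col}: {cp} {name} [{kind}]")
    sys.exit(1 if results else 0)
```

Run it with the saved text file as its only argument; a non-zero exit status means at least one character needs a closer look before the command is pasted.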
We hope this helped you avoid becoming a victim out of convenience. Be vigilant and be safe.
To learn more read the resources provided in the video description. Like and subscribe. And have a great day!