Invisible Malicious Unicode Risks

From Kicksecure


Unicode as a Security Risk

There are invisible Unicode characters that can be copied along with visible text and cause malicious actions when the text is executed or compiled. This is a security risk for:

  • A) For users: Commands copied and pasted into a terminal emulator.
  • B) For developers: Introduction of invisible vulnerabilities or backdoors through source code contributions.

In most editors and terminals these adversarial encodings are likely to produce no visible artifacts.

Original attack research: https://trojansource.codes/

Forum discussion: https://forums.whonix.org/t/detecting-malicious-unicode-in-source-code-and-pull-requests/13754

Checking Files for Unicode

NOTE: Not all Unicode in files is necessarily malicious. Only some Unicode characters in some files are suspicious or potentially malicious.

grep-find-unicode-wrapper [1] can help check files for Unicode.

Syntax for files:

grep-find-unicode-wrapper /path/to/filename

Example for files:

Note: The following example checks the file ~/.bashrc. Replace ~/.bashrc with the actual file to check.

grep-find-unicode-wrapper ~/.bashrc

Syntax for folders:

grep-find-unicode-wrapper -r /path/to/folder

Example for folders:

Note: The following example checks the user's home folder. Replace ~/ with a different folder if another folder should be checked.

grep-find-unicode-wrapper -r ~/

Expected output:

  • A) If no unicode has been found: None.
  • B) If unicode has been found: All lines that include unicode.
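The following is an added example written for this page; it is not the code of grep-find-unicode-wrapper. It scans text for every non-ASCII character and labels the ones that are invisible, namely the bidirectional override and isolate controls used by the Trojan Source technique and zero-width characters, reporting line, column, code point and Unicode name. The code point sets and the sample shell snippet are constructed for the example.

```python
import sys
import unicodedata

# Code points that can silently change how a line is displayed or parsed.
# Constructed for this example; the lists are illustrative, not exhaustive.
BIDI_CONTROLS = {
    0x202A, 0x202B, 0x202C, 0x202D, 0x202E,   # LRE, RLE, PDF, LRO, RLO
    0x2066, 0x2067, 0x2068, 0x2069,           # LRI, RLI, FSI, PDI
    0x200E, 0x200F, 0x061C,                   # LRM, RLM, ALM
}
ZERO_WIDTH = {0x200B, 0x200C, 0x200D, 0x2060, 0xFEFF, 0x00AD}


def classify(ch):
    """Return a label for a suspicious or non-ASCII character, else None."""
    cp = ord(ch)
    if cp in BIDI_CONTROLS:
        return "bidi-control"
    if cp in ZERO_WIDTH:
        return "zero-width"
    if cp == 0xFFFD:                      # produced by undecodable bytes below
        return "invalid-utf8"
    if unicodedata.category(ch) in ("Cf", "Co", "Cn"):
        return "format/private/unassigned"
    if cp > 0x7F:
        return "non-ascii"                # e.g. accented letters: usually benign
    return None


def scan_text(text):
    """Return (line, col, code point, label, name) for every flagged character."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for col, ch in enumerate(line, 1):
            label = classify(ch)
            if label:
                name = unicodedata.name(ch, "<unnamed>")
                findings.append((line_no, col, "U+%04X" % ord(ch), label, name))
    return findings


def scan_file(path):
    with open(path, "rb") as fh:          # bytes, so invalid UTF-8 is flagged, not fatal
        return scan_text(fh.read().decode("utf-8", errors="replace"))


# Constructed sample: line 2 hides a comment inside the command via bidi controls.
SAMPLE = ("#!/bin/bash\n"
          "if [ \"$1\" = 'user' ]; then\u202e \u2066# check admin\u2069 \u2066 ; fi\n"
          "echo 'caf\u00e9'\n")

if __name__ == "__main__":
    hits = scan_file(sys.argv[1]) if len(sys.argv) > 1 else scan_text(SAMPLE)
    for hit in hits:
        print("line %d col %d %s %s %s" % hit)
```

Run it with a file path to scan that file; without arguments it scans the embedded sample and prints one line per flagged character.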
