Invisible Malicious Unicode Risks

From Kicksecure

This wiki page explains the security risk of invisible characters in Unicode that can be copied and pasted into terminal emulators or introduced as vulnerabilities/backdoors in source code contributions, along with documentation that can help to check files and folders for malicious Unicode.

Video: OOPS! They tricked me to install MALWARE! Clipboard Hidden Text Attacks explained

Unicode as a Security Risk

There are invisible characters that can be copied along with visible text and perform malicious actions. This is a security risk for:

  • A) Users: commands copied and pasted into a terminal emulator.
  • B) Developers: introduction of invisible vulnerabilities or backdoors through source code contributions.

These adversarial encodings probably produce no visual artifacts in most editors and terminals.

Note: Not all Unicode in files is necessarily malicious. Only some Unicode characters in some files are suspicious or potentially malicious.

Original attack research: https://trojansource.codes/

Forum discussion: https://forums.whonix.org/t/detecting-malicious-unicode-in-source-code-and-pull-requests/13754

Searching Files and Folders for Unicode

unicode-show

See unicode-show - software tool to detect and annotate non-ASCII or suspicious Unicode characters in text or files.

grep-find-unicode-wrapper

grep-find-unicode-wrapper [1] can help to check files for Unicode.

Syntax for files:

grep-find-unicode-wrapper /path/to/filename

Example for files:

Note: The following example checks the file ~/.bashrc. Replace ~/.bashrc with the actual file to check.

grep-find-unicode-wrapper ~/.bashrc

Syntax for folders:

grep-find-unicode-wrapper -r /path/to/folder

Example for folders:

Note: The following example checks the user's home folder. Replace ~/ with a different folder if another folder should be checked.

grep-find-unicode-wrapper -r ~/

Expected output:

  • A) If no Unicode has been found: None.
  • B) If Unicode has been found: All lines that include Unicode.

Expected exit codes:

  • A) If no Unicode has been found: non-zero exit code.
  • B) If Unicode has been found: Exit code 0.

Similarity with grep:

Since grep-find-unicode-wrapper is a wrapper around grep, output and exit codes are similar to grep.
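
Added example (not part of the Kicksecure page, and not the source code of grep-find-unicode-wrapper or unicode-show): a small Python scanner that separates bidirectional control and invisible format characters from ordinary non-ASCII text, since not all Unicode is malicious. The function names and the sample text are constructed for illustration; the exit code follows the convention listed above (0 if something was found, non-zero otherwise).

```python
import sys
import unicodedata

# Bidirectional controls: embeddings/overrides, isolates, and directional marks.
BIDI = set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A)) | {0x200E, 0x200F, 0x061C}

def classify(ch):
    """Label a character, or return None for ordinary ASCII text."""
    if ord(ch) in BIDI:
        return "bidi-control"
    cat = unicodedata.category(ch)
    if cat == "Cf":  # zero-width space/joiner, BOM, soft hyphen, ...
        return "invisible-format"
    if cat == "Cc" and ch not in "\t\r":
        return "control"
    return "non-ascii" if ord(ch) > 0x7F else None

def scan_text(text):
    """Return (line, column, code point, label, name) for each labelled character."""
    findings = []
    # split("\n") instead of splitlines(): the latter also breaks on U+2028/U+2029
    # and would silently drop them from the report.
    for line_no, line in enumerate(text.split("\n"), 1):
        for col, ch in enumerate(line, 1):
            label = classify(ch)
            if label:
                name = unicodedata.name(ch, "UNNAMED")
                findings.append((line_no, col, f"U+{ord(ch):04X}", label, name))
    return findings

def exit_code(findings):
    """0 if anything was found, 1 if not (the grep-like convention on this page)."""
    return 0 if findings else 1

# Constructed sample: a pasted command ending in a zero-width space, a source line
# containing a right-to-left override, and a harmless accented letter.
SAMPLE = "sudo apt update\u200b\nlevel = 'user\u202e'  # caf\u00e9\necho done\n"

def main(paths):
    sources = {"<sample>": SAMPLE}
    if paths:
        sources = {}
        for p in paths:
            with open(p, encoding="utf-8", errors="replace") as fh:
                sources[p] = fh.read()
    hits = [(src, *hit) for src, text in sources.items() for hit in scan_text(text)]
    for hit in hits:
        print(*hit, sep=":")
    return exit_code(hits)

if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run without arguments it scans the constructed sample; given file paths it scans those files instead. Findings labelled bidi-control or invisible-format are the ones that produce no visible artifact, while non-ascii findings are often legitimate text.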
