What is pastejacking? How to protect your computer from Pastejacking?

Pastejacking is a method that malicious websites use to gain control of the clipboard on your computer and change that content into malicious content without your knowledge.

What is pastejacking? How to protect your computer from Pastejacking? Picture 1 What is pastejacking? How to protect your computer from Pastejacking? Picture 1

1. What is Pastejacking?

Nearly all browsers allow websites to run commands on a user's computer. This feature can allow malicious websites to gain control of the clipboard on your computer.

When you copy anything and paste it into the clipboard, the website can run a command or more using your browser. This method can be used to change the contents in the Clipboard.

Also, if copying content into Notepad or Word . before this process is less dangerous and less likely to cause problems than pasting directly into the Command prompt.

Websites run commands when a user performs any specific action, such as when pressing a specific key on the keyboard or right-clicking. When you press the Ctrl + C key combination on the keyboard, will activate the command mode (command mode) of the website.

After only a short period of time, about 800 milliseconds it will paste the malicious content into your clipboard. Some websites can track CTRL + V operation and use it to activate a content change command on the Clipboard.

In addition, the site can track mouse 'moves' in case you do not use the keyboard but use the mouse to perform the operation. When using the context menu (right-click menu) to copy also activate the command to replace the content on the Clipboard.

In short, Pastejacking is a method that malicious websites use to gain control of the clipboard on your computer and change that content into malicious content without your knowledge.

2. Why is Pastejacking dangerous?

Suppose you copy and paste content on a certain web page into Microsoft Word. When you press Ctrl + C or Ctrl + V , the websites "assign" some commands to your clipboard to create and execute Macros.

More dangerous is when you paste the content directly into the control panel like PowerShell or Command Prompt. Mac users can choose some security options if using iTerm.

iTerm is a simulation that allows Mac users to replace the default console. When using iTerm, it will ask users if they really want to paste the content containing the 'newline' character. Users can choose Yes or No, depending on what they are doing.

The Newline character is really just 1/2 the Enter key. The Enter key is described by a left arrow key. Enter key is a combination of Newline characters (change to the next line) and Return.

When you press the Enter key, any command on the control panel is executed. Depends on the console to request confirmation.

The Command Prompt window will not require confirmation with most commands, but only requires confirmation in case you use the DEL command or the FORMAT command. For commands like RENAME , ., the Command prompt will not require confirmation.

In any case, if the site replaces the commands on the Clipboard with the Enter key (/ n / r where / n is newline and / r is return), the console or any application can run commands directly. If these commands are dangerous, they can 'destroy' your computer and network.

3. How to avoid Pastejacking?

What is pastejacking? How to protect your computer from Pastejacking? Picture 2 What is pastejacking? How to protect your computer from Pastejacking? Picture 2

If you're using Mac OS X, you can use iTerm emulation to protect your device in a safe state. iTerm will prompt and notify you in case of pastejacking.

For Windows users must check what websites have assigned to the clipboard on their computer. To do this, first paste the content into Notepad. Notepad only allows users to paste clipboard as text (text), so you can see everything on the clipboard. If you see what you copied

You can paste those content anywhere you want. This means you will have to take one more step, but otherwise you will avoid Pastejacked. Note that using Word to check the clipboard can be dangerous because this program uses Macros.

And of course if the content you copy and paste in Notepad but you can not see the format, font, style . this means the content you paste in Plain text format.

With images, it is best to right-click on the image you want to download or copy and then select Save As . it is safer to copy the command.