What is Pastejacking?
Pastejacking is a method or technique that is used by malicious websites to gain the control of a clipboard in a computer and it then changes the clipboard content to some malicious content without permission.
Pastejacking is a very powerful technique for exploiting victims. As the command copied by the victim is changed and any command which may be harmful to the victims’ information, credentials, and private data may be at a risk.
- All browser allows user to run the command on the PC, and this is the loophole where Pastejacking comes into play.
- This method changes the command in the clipboard and replaces it with any other malicious code.
- This method is an exploit in which clipboard data is replaced by some malicious data for example a link to a malicious website, or malicious commands.
- For this method, such a website is made from which the text we copied is replaced by some hidden malicious code or a command that when used by the user exploits the system and the security is compromised.
- This technique works on any of the operating systems and is a very powerful technique for exploiting someone’s system.
Let us now see how Pastejacking actually works.
Step 1: Go to the website here.
Step 2: When we will copy the code some other code will be copied to the clipboard.
Here we can see the code we copied is different from the code that is copied. You can try the above demonstration on your computer to understand it more.
Why Pastejacking Is Harmful?
Let’s say you copied a code that you want to run in a console or command prompt (Ctrl+C) and then paste it to your console window (Ctrl+V) but here is the catch the code you copied is replaced by some malicious code and executes some other harmful code. When you paste the code directly into the console window it automatically executes and Users cannot then select “Yes” or “No”, and the windows command prompt does not ask for the confirmation. In this case, the malicious code automatically runs (Ctrl+V) and if the code is harmful your system security, and data, is at risk.
How To Avoid Pastejacking
There is a very simple way to avoid Pastejacking.
Step 1: Copy the code.
Step 2: Paste it into Notepad first. Instead of pasting it directly to the command prompt paste it first on the notepad to check what is really in the code.
Here we can clearly see code we copied is different from the code we pasted, so this technique will help us avoid Pastejacking. Copying the code and pasting it in Notepad instead of directly pasting in the command prompt, will add a step but it is way safer than directly pasting the code to the command prompt.
Please Login to comment...