|description=Invisible textual characters that lead to security compromises during copy and paste.
Invisible Malicious Unicode Risks
This wiki page explains the security risk of invisible characters in Unicode that can be copied and pasted into terminal emulators or introduced as vulnerabilities/backdoors in source code contributions, along with documentation that can help to check files and folders for malicious Unicode.
|text=OOPS! They tricked me to install MALWARE! Clipboard Hidden Text Attacks explained
== Unicode as a Security Risk ==
There are invisible characters that might be copied and that can perform malicious actions. This is a security risk for:
* '''A)''' Users: Commands copied and pasted into a terminal emulator.
* '''B)''' Developers: Introduction of invisible vulnerabilities or backdoors through source code contributions.
These adversarial encodings probably produce no visual artifacts in most editors and terminals.
Original attack research:
Forum discussion:
== Checking Files for Unicode ==
NOTE: Not all Unicode in files is necessarily malicious. Only some Unicode characters in some files are suspicious or potentially malicious.
can help to check files for unicode.
Syntax for files:
grep-find-unicode-wrapper /path/to/filename
Example for files: Note: The following example checks the file ~/.bashrc. Replace ~/.bashrc with the actual file to check.
grep-find-unicode-wrapper ~/.bashrc
Syntax for folders:
grep-find-unicode-wrapper -r /path/to/folder
Example for folders: Note: The following example checks the user's home folder. Replace ~/ with a different folder if another folder should be checked.
grep-find-unicode-wrapper -r ~/
Expected output:
* '''A)''' If no unicode has been found: None.
* '''B)''' If unicode has been found: All lines that include unicode.
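The wrapper reports every line that contains Unicode, so its output still has to be triaged. The following is an added example, not part of grep-find-unicode-wrapper or of this wiki's tooling: a Python sketch that reports only the invisible or control characters (bidirectional controls, zero-width and other format characters, stray control bytes) with their line, column and code point. The function names and the sample text are assumptions made for illustration.

```python
import unicodedata

# Bidirectional controls: embeddings/overrides, isolates, marks.
BIDI_CONTROLS = (set(range(0x202A, 0x202F)) | set(range(0x2066, 0x206A))
                 | {0x200E, 0x200F, 0x061C})

# Constructed sample input (not from the wiki): line 2 has benign non-ASCII,
# line 3 hides a zero-width space, line 4 hides a right-to-left override.
SAMPLE = (
    "export PATH=/usr/bin\n"
    "# caf\u00e9 menu\n"
    "alias ls='ls\u200b --color'\n"
    "if access_level != 'user\u202e':\n"
)


def classify(ch):
    """Return a reason if ch is invisible or otherwise suspicious, else None."""
    if ord(ch) in BIDI_CONTROLS:
        return "bidi control"
    cat = unicodedata.category(ch)
    if cat == "Cf":
        return "invisible format character"
    if cat == "Cc" and ch not in "\t\n\r":
        return "control character"
    if cat in ("Zl", "Zp"):
        return "line or paragraph separator"
    if cat == "Cs":
        return "surrogate (undecodable byte)"
    return None


def scan_text(text):
    """Return (line, column, code point, reason) for each suspicious character."""
    findings = []
    # Split on "\n" only: str.splitlines() would swallow U+2028/U+2029.
    for lineno, line in enumerate(text.split("\n"), start=1):
        for col, ch in enumerate(line, start=1):
            reason = classify(ch)
            if reason:
                findings.append((lineno, col, "U+%04X" % ord(ch), reason))
    return findings


def scan_file(path):
    """Scan a file; undecodable bytes become surrogates and are reported."""
    with open(path, encoding="utf-8", errors="surrogateescape") as f:
        return scan_text(f.read())
```

Ordinary accented letters such as the one on line 2 of the sample are not reported; a UTF-8 byte order mark at the start of a file is reported as a format character.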
== Resources ==
* gcc protects from this https://www.phoronix.com/news/GCC-LLVM-Trojan-Source but other compilers and script interpreters don't even have bug reports.
* [https://dgl.cx/2023/09/ansi-terminal-security "31m"?! ANSI Terminal security in 2023 and finding 10 CVEs]
== See Also ==
* [[Social_Engineering#IDN_Homograph_Attacks|IDN Homograph Attacks]]
* [[Shell|Hidden Text Attacks]]