It’s got nothing to do with glue…pastejacking is a serious threat which has increasingly targeted unsuspecting internet denizens.

In reality, this dangerous scheme is just another iteration of phishing, which has held its position as the top threat to our private data for years. For a quick recap:

Phishing is a cybercrime where scammers try to trick you into giving up sensitive information like passwords, credit card numbers, or social security numbers. It can come in many forms. There’s email phishing, which is the most common, but also vishing, which is phishing over the phone; smishing through text messages; and even quishing, which targets you through QR codes. With every new trend in tech, there’s a new phishing variation waiting to pounce. 

Pastejacking is their latest technique in the game. Whether you’ve heard of it, become a victim of it, or are just learning about it for the first time, here is how you can protect yourself from pastejackers!

Pastejacking is a type of cyberattack where malicious code is secretly inserted into a user’s clipboard. When you copy (CNTRL + C) and paste (CNTRL + V) on your device, it should take the last thing you highlighted (whether that is text, an image, a link, etc.) and put it in the chat or window where you’re typing.

When a threat actor takes over your virtual “clipboard,” they can manipulate what will appear when you right-click and choose Paste. When you unknowingly paste their manipulated data, it can lead to various harmful consequences!

The most common is malware execution. By infecting your clipboard with a bad code, the user’s device may install malware and other programs to spy on and steal your data. The code could also steal sensitive information, like your login credentials, once you enter them into a trusted formfill. The website itself may not be infected, but since your device is, all your information could be discretely reported back to whomever installed the malware!

In severe cases, the code could be used to gain control over the user’s device or network. System compromise is the biggest danger of all, as it gives the threat actor total control over our system and all the information stored on it. That can compromise our information, and potentially enable hackers to take over our accounts and proliferate their attack to your friends’ list.

When acknowledging the danger of pastejacking, we must consider that we’re often copy and pasting to show something to other people, whether we’re messaging them directly or posting across several social media accounts, for example. Not only can pastejacking affect your data, but it could compromise any friends who interact with the compromised content, too.

If you’re interested in how cybercriminals compromise your clipboard, here is a more in-depth look into how bad actors can infiltrate your systems from afar. Imagine this: You’re browsing the internet and come across a website that provides a helpful code snippet for automating a task. You think, “Great, I’ll copy this and paste it into my script.”

Unbeknownst to you, the website has been compromised. The malicious code hidden on the website has secretly replaced the code snippet you copied with a harmful script.

This is just one scenario that could happen to you! Other instances of pastejacking happen by…

  • Malicious code insertion: Attackers embed JavaScript code into a website.  
  • Clipboard manipulation: When a user copies text from the website, the JavaScript code secretly replaces it with malicious code.  
  • Unintended pasting: The user, unaware of the malicious content, pastes the code into another application, such as a terminal or code editor.  
  • Execution: The malicious code runs, potentially causing harm to the user’s system.

By understanding pastejacking and following these preventive measures, you can significantly reduce your risk of falling victim to this type of attack!

Remember, pastejacking is just another attempt by phishers to gain illegal access to your devices and systems, and then steal the private data on them and infect the friends’ lists on your profiles, too.

Before you hit copy and paste, make sure whatever you’re COPYING does not contain threats and that you really mean to PASTE the contents before you hit Send. Staying informed and alert about these kinds of cyber-attacks will not only help protect your systems and data—it will positively impact everyone you interact with online, too!