{{Header}}
{{#seo:
|description=Invisible textual characters that leading to security compromises during copy and paste.
|image=Unicode123123.png
}}
{{title|title=
Invisible Malicious Unicode Risks
}}
[[File:Unicode123123.png|thumb]]
{{intro|
This wiki page explains the security risk of invisible characters in Unicode that can be copied and pasted into terminal emulators or introduced as vulnerabilities/backdoors in source code contributions, along with documentation that can help to check files and folders for malicious Unicode.
}}
{{VideoLink
|videoid=6nHufztdkUI
|text=OOPS! They tricked me to install MALWARE! Clipboard Hidden Text Attacks explained
}}
== Unicode as a Security Risk ==
There are invisible characters that might be copied that can do malicious actions. This is a security risk for:

* '''A)''' <u>For users:</u> Commands copied and pasted into a terminal emulator.
* '''B)''' <u>For developers:</u> Introduction of invisible vulnerabilities or backdoors through source code contributions.

These adversarial encodings produce no visual artifacts probably in most editors and terminals.

Original attack research:
https://trojansource.codes/

Forum discussion:
https://forums.whonix.org/t/detecting-malicious-unicode-in-source-code-and-pull-requests/13754

== Checking Files for Unicode ==
NOTE: Not all unicode in files is necessarily malicious. Only some unicode characters in some files is suspicious or potentially malicious.

<code>grep-find-unicode-wrapper</code> <ref>
https://github.com/{{project_name_short}}/helper-scripts/blob/master/usr/bin/grep-find-unicode-wrapper
</ref> can help to check files for unicode.

Syntax for files:

<pre>
grep-find-unicode-wrapper /path/to/filename
</pre>

Example for files:

Note: The following example check file <code>~/.bashrc</code>. Replace <code>~/.bashrc</code> with the actual file to check.

{{CodeSelect|code=
grep-find-unicode-wrapper ~/.bashrc
}}

Syntax for folders:

<pre>
grep-find-unicode-wrapper -r /path/to/folder
</pre>

Example for folders:

Note: The following example check the user's home folder. Replace <code>~/</code> with a different folder if another folder should be checked.

{{CodeSelect|code=
grep-find-unicode-wrapper -r ~/
}}

Expected output:

* '''A)''' If no unicode has been found: None.
* '''B)''' If unicode has been found: All lines that include unicode.

== Resources ==
gcc protects from this https://www.phoronix.com/news/GCC-LLVM-Trojan-Source but other compilers and script interpreters don't even have bug reports.

== See Also ==
* [[Social_Engineering#IDN_Homograph_Attacks|IDN Homograph Attacks]]
* [[Shell|Hidden Text Attacks]]

== Footnotes ==
<references />

{{Footer}}
[[Category:Documentation]]