In Windows CMD you don’t even need to hit return at the end. They can just add a line break to the copied text and as soon as you paste into the command line (just a right click!), you own yourself.
I have one question though: Considering the scare-mongering about Windows 10’s EOL, this seems pretty convoluted. I thought bad guys could own your machine by automatic drive-by downloads unless you’re absolutely on the latest versions of everything. What’s with all the “please follow this step-by-step guide to getting hacked”?
I'm sure "visit a site and get exploited" happens, but... I haven't actually heard of a single concrete case outside of nation-state attacks.
What's more baffling is that I also haven't heard of any Android malware that does this, despite most phones out there having several publicly known exploits and many phones not receiving any updates.
I can't really explain it except "social engineering like this works so well and is so much simpler that nobody bothers anymore".
Would you know when it happens? It's not like the malware will throw up a giant message box telling you that you have been pwned - unless it's a cryptolocker or other extortion campaign but even then it will likely not activate immediately to evade analysis.
But yes, zero days are too valuable to waste on random targets. Doesn't mean it never happens.
Old Androids do reportedly, and from experience, get slower over time. Maybe that's just bloat in the user installed apps when they are updated. But I would not be terribly surprised if it wasn't also malware consuming resources.
I have one question though: Considering the scare-mongering about Windows 10’s EOL, this seems pretty convoluted. I thought bad guys could own your machine by automatic drive-by downloads unless you’re absolutely on the latest versions of everything. What’s with all the “please follow this step-by-step guide to getting hacked”?