I just saw this and felt I should share it. I’m sure most people here wouldn’t fall for it but it can’t hurt to make sure 👍
Edit: I just wanted to add, I have no idea what this tried to copy. I’m using Firefox on Linux which is perhaps why it didn’t make it to my clipboard 🤷
You must log in or register to comment.
I think Microsoft should add a warning before allowing pasting into the Run dialog for the first time. Similarly like they already have in Edge’s console
powershell has that too
Hot take, win+r should be disabled by default and have an option to enable. Probably 99% or more of users will never use the run dialogue
Linux does this better by defaulting to files not being executable, versus Windows needing the downloading software to apply a specific “downloaded file” flag to trigger a notice about potentially unsafe files.
You could make a lot of the commands available by default much less dangerous. Stuff like requiring using protected screens more (like UAC and ctrl+alt+del) for enabling the risky stuff.
Also, sandboxing by default would do even more to prevent the worst dangers.
Disagree, mostly because half the time I WinR is when I’m trying to fix someone else’s PC, and getting to the settings is half the problem.
You click the link, it copies bad code, then asks you to paste the code on a privileged terminal window and hit run.
I saw this a week sometime ago and I had to explain it to all my family members. Evilness.
Easily defeated by not giving users root access.
Taking away admin access on my mother’s windows machine was one of the best decisions I made. Along with moving her to Ubuntu after she ran without admin ‘which she had to have’ (even though all it let her do was fuck up her computer). Saved so many hours reinstalling or disinfecting her machine.
Installed adblockers for all of my non techy family members
Easily stopped by using Ad Blockers… Now if only chrome wasnt trying to kill ad blockers
Someone having a virus on their computer doesn’t prevent them from giving Google ad revenue.
I think the problem starts with the windows key.
windows key+r to open the “run” dialog
lol nope!
My brother ran into this while car shopping on a reputable Utah based Toyota dealership’s website. It was a powershell script that downloaded and executed something from a base64 encoded Bitly URL. Bitly took down the URL so we couldn’t see where it was redirecting.
It seems like attackers are embedding this in vulnerable legit websites
Thanks, that’s very interesting to know. I assumed it was just a malicious site before.
Yeah, some wordpress themes have vulnerable bits that allow attackers to inject cross site scripting attacks into the page via various methods. Some have pivoted to using wordpress plugins which is a newer method I don’t entirely understand yet.
Have a blessed day!
Should I keep a copy of the file that I can then start using again after payment?
I came across this yesterday. It was right after a run of the mill “I am not a robot” message.
On which website?
99% sure it was diyflyfishing.com
Virustotal showd that as clean. Interesting.
Weird thing, to answer your question I delved into my Google history. I saw the “prove your not a robot” with the diyflyfishing proceeding it so i clicked on that. It didn’t come up this time (on a phone now, initially saw it on desktop) and now the “prove you’re not a robot” isn’t in my history?
Honestly having Win-R enabled in home edition is a bad default.
Agree. It’s usually used just to run
cmd, which then does the same thing but also shows output and allows for interactive CLI. Linux does it right with Ctrl+Alt+T.
This tactic is so old, but it weaponizes the annoying ubiquity of capchas. People just want to get to where they’re going, so they click the squares and do the dance to get past the seemingly arbitrary barriers.
This technique shows up on [email protected] every few weeks as the initial attack vector for some new RAT.
URL?
Knowing what it’s doing would be useful and people who have the ability to reverse engineer this can work on a fix or filter.
motorandwheels(dot)com
- I think it would be best if it isn’t clickable
I’ve also noticed, it doesn’t always come up but let me know if it does for you.
I’m confused. Is this a malicious website that you came across? Is this website normally legit? Was this an ad popup? Do you use ublock origin? It would be great if you gave a little more information here. Otherwise we don’t really know what you were doing or what we should avoid. If this is a real legit website then my guess is this was an ad popup.
Edit: virustotal for that website is clean. So either this was a popup (you should use ublock origin) or your PC is infected with malware and you may want to take action (idk for sure, just a guess.) Another possibility is that website was compromised.
I’ve never visited the site before so I just assumed it was just malicious, but as @zdanger said, it might be a hijacked legit site.
I do use uBlock. It also didn’t ‘feel’ like an ad. I now expect the site was compromised as you suggested.
Yea. If others can confirm it then seems like the site was hacked
For me accessing that site in Firefox on Windows (even with uBO) does trigger the scam popup, but in any other browser I tried (Edge, Chrome, FF dev edition), it doesn’t. Kinda interesting.
The popup does not manage to add anything to the clipboard. There are tons of JS errors in the console, so luckily the thing seems to be pretty broken right now.
I wonder if this is an issue on Linux only maybe? Not seeing anyone here on Windows confirming this.
Edit: nvm someone on windows confirmed it
It didn’t show up when I first visited it, but it did after a hard refresh (Ctrl+Shift+R)
I didn’t copy anything to the clipboard, though.
Firefox 137.0 (64-bit) on Linux 6.8.0-57-generic on Mint 22.1
Thanks for that. I also didn’t know about that shortcut until now. It will be very helpful 👍😁
Happy to read it, good luck!
Lucky for me, my mom doesn’t know what the windows key is.
Microsoft verification needed! Please insert penis in hole and pull lever.
Could someone just copy the clipboard content into a text editor so one could see what they are trying to do?
I can’t actually make it copy 😅 I’ve now also tried in Firefox and Chrome but it still hasn’t worked.
