

Called it. Wrote this back in Sept. 2024, about a clever Windows PowerShell phishing scam that was targeting developers at the time. It uses a fake CAPTCHA that asks visitors to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Everyone said, bah, devs will never fall for this. Maybe, I said, but your average user would for sure.

Judging from the number of recent media reports, it appears this one is pretty widespread at the moment.

krebsonsecurity.com/2024/09/th…


in reply to cerement

@cerement

Maybe you would, but I would not.

$ curl -fsSL https://example.com/install.sh | sh

might be acceptable to some users as it only affects the user's profile. Though I am going to do a

$ wget https://example.com/install.sh
$ vim install.sh

Examine the script to determine if it is malicious or flawed and then invoke it only if I find it acceptable. This is pretty standard among experienced users.

Decades ago someone might have been trusting enough to curl and invoke a script without examining it from unknown sources though that is not an acceptable practice today. Though some sites may still offer this as an install method. Most experienced users, especially devs, are going to examine the script before they run it on their system. The more paranoid are going to check it out first in a sandbox before installing it to a live system. I have a VM especially for this type of testing.
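
Added example, not part of the thread or written by anyone in it: the download-then-review habit described in the post above, with a SHA-256 pin so the file that runs is byte-for-byte the file that was reviewed. The function names, the pattern list and the sample script are assumptions made for illustration, and `sha256sum` from GNU coreutils is assumed to be installed.

```shell
#!/bin/sh
# Added example: review-then-run for a downloaded install script.
# All names here are hypothetical; the sample content is constructed.

# Write a constructed sample installer to the given path (for trying the review step).
write_sample() {
    cat > "$1" <<'EOF'
#!/bin/sh
echo "installing"
curl -fsSL https://example.com/stage2.sh | sh
echo payload | base64 -d > /tmp/x
mkdir -p "$HOME/.local/bin"
EOF
}

# Print (with line numbers) lines that deserve a closer look during review:
# nested pipe-to-shell, base64 decoding, eval, sudo, recursive forced delete.
# This only points the reviewer at lines; it does not replace reading the script.
flag_risky_lines() {
    grep -nE 'curl[^|]*\|[[:space:]]*(ba)?sh|wget[^|]*\|[[:space:]]*(ba)?sh|base64[[:space:]]+(-d|--decode)|(^|[^[:alnum:]_])eval[[:space:]]|sudo[[:space:]]|rm[[:space:]]+-rf' "$1"
}

# Print the SHA-256 of the file exactly as it was reviewed.
pin_reviewed() {
    sha256sum "$1" | cut -d' ' -f1
}

# Run the file only if it still matches the hash recorded at review time.
run_if_unchanged() {
    file=$1
    expected=$2
    actual=$(sha256sum "$file" | cut -d' ' -f1)
    if [ "$actual" != "$expected" ]; then
        echo "refusing to run: $file changed since review" >&2
        return 1
    fi
    sh "$file"
}
```

Typical use is `flag_risky_lines install.sh`, then reading the file, then `h=$(pin_reviewed install.sh)` followed by `run_if_unchanged install.sh "$h"`.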

in reply to SpaceLifeForm

@SpaceLifeForm

And they probably do not know how to open a terminal to use the command either. Though, as I stated, I was referring to experienced users. Newbies on any system are bound to get themselves into trouble. That is a given.