Fake CAPTCHA websites hijack your clipboard to install information stealers
-
-
The basic problem lies in this sentence:
"It usually starts on a website that promises visitors some kind of popular content: Movies, music, pictures, news articles, you name it."
There are no such things as free wonders.
-
But again, the main task is to eliminate the fantastic illiteracy of users. This way of infection reminds me of the joke about the Albanian virus - the user does most of the work himself.
-
Classic social engineering, relying on the cluelessness of users. It's not really all that different from someone calling and telling you to download a file and running it.
Abusing the clipboard API of course - but then again, we do like the ability to "click here to copy to your clipboard"... it's just so convenient
-
Open the Run dialog box on Windows.
Paste the content of your clipboard into that dialog box.
Execute the command you just pasted.
It is dumb as hell for users to run commands like this, and so the PC gets infected.
And, sorry, but MSHTA + Power'sHell made by Microsoft is the biggest opener for malware I know.
-
Since I use Vivaldi I have global site settings set to "Ask" if a site wants to use my clipboard so I know. The most egregious site I come across daily is Outlook for Web.
Since I cannot just ditch msMail as yet I must put up with it.
Also even in my mid 70's I would not on my worst day copy some unknown command that a site has put in my clipboard and Run it without knowing what it was meant for.
@Pathduck & @DoctorG are quite right about relying on clueless users to infect their own machines
-
Yes. It's common sense to be suspicious of this new way to solve captcha.
But, you know, computer and cyber illiteracy.
-
It's Javascript of course, the mother of all evil. I miss the old internet days without that slow, bloaty and insecure crap. Which is basically 99% used for advertising and tracking, not for rendering. It's because of it that browsers became so heavy, as webpages contain tons of it.
-
@npro so it's because of Javascript support, we have 129MB V package?
-
@3dvs among other things sure, also why 5 opened tabs cost 1GB of memory
-
@npro I propose to use Lynx – no RAM eaters inside
scnr
Yes, my Vivaldi takes 1.2 GB (8 extensions, 1 foreground tab, other workspaces+their tabs (max 13) hibernated).
But let us stay on topic.
-
@DoctorG said in Fake CAPTCHA websites hijack your clipboard to install information stealers:
MSHTA + Power'sHell made by Microsoft is the biggest opener for malware I know.
I've seen more than a few FOSS linux projects recommend piping a curled URL's output directly into bash. This isn't just a Microsoft problem.
-
@LonM said in Fake CAPTCHA websites hijack your clipboard to install information stealers:
I've seen more than a few FOSS linux projects recommend piping a curled URL's output directly into bash.
That proves that such Linux articles and tips are not safe and not good.
-
@LonM https://hashbang.sh/
Do it
This isn't just a Microsoft problem.
True, but the hack exploits the limited size of the Run dialog in Windows. The command line copied to the clipboard is much larger, but most of it's hidden so only the last part shows.
-
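A defender-side sketch of the points raised in the posts above: the Run dialog showing only the end of a long pasted line, the mshta/PowerShell launchers, and the curl-into-bash habit. It is an added example, not code from the thread or the linked article; `triage`, `VISIBLE_CHARS` and the sample strings are hypothetical, and the 40-character visible width is an assumption, not a documented Windows value.

```python
import re

# Assumption: rough count of characters a single-line input box keeps in view.
VISIBLE_CHARS = 40

# Script hosts named in the thread, and the curl-into-shell pipe.
LAUNCHERS = re.compile(r"\b(mshta|powershell|pwsh)(\.exe)?\b", re.I)
PIPE_TO_SHELL = re.compile(
    r"\b(curl|wget)\b[^|\n]*\|\s*(sudo\s+)?(ba|z|da)?sh\b", re.I)
URL = re.compile(r"https?://", re.I)


def triage(clip, visible=VISIBLE_CHARS):
    """Return findings for clipboard text before it reaches Run or a shell."""
    findings = []
    if LAUNCHERS.search(clip):
        findings.append("script-host")
    if PIPE_TO_SHELL.search(clip):
        findings.append("pipe-to-shell")
    if any(c in clip.strip() for c in "\r\n"):
        findings.append("multi-line")  # a terminal may run each line on paste
    tail = clip[-visible:]
    hidden = clip[:-visible] if len(clip) > visible else ""

    def risky(s):
        return bool(LAUNCHERS.search(s) or URL.search(s))

    # Interpreter call or URL sits only in the part scrolled out of view.
    if hidden and risky(hidden) and not risky(tail):
        findings.append("hidden-payload")
    return {"length": len(clip), "visible_tail": tail, "findings": findings}


# Constructed samples (placeholder host, harmless filler), not captured data.
SAMPLE_RUN = ("mshta https://example.invalid/placeholder "
              + "constructed visible filler " * 3)
SAMPLE_PIPE = "curl -fsSL https://example.invalid/install.sh | bash"
SAMPLE_BENIGN = "notepad"

if __name__ == "__main__":
    for sample in (SAMPLE_RUN, SAMPLE_PIPE, SAMPLE_BENIGN):
        result = triage(sample)
        print(result["length"], result["findings"], repr(result["visible_tail"]))
```

A non-empty `findings` list is a reason to read the whole clipboard text in a plain editor before it goes anywhere near a Run box or a shell.
-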
@Pathduck Yes, one good thing about most terminal apps is you can, in theory, see what you've pasted.
Though I imagine that a sufficiently determined scammer would have no difficulty in convincing people to paste some random stuff into the terminal app instead.
The best is to educate people to not blindly copy and paste stuff in the first place.
-
@LonM Linux users do use a shell without knowing their commands? Sad.
Things have not changed since terminal only UNIX access in the 80/90ies.
I remember these old real-life jokes telling users being root "so-called admins" to run a rm -fr /.
-
@DoctorG rm -fr / is a totally safe command, the -fr bit just means to run the delete command in french
-
@LonM UNIX terminal was able to talk to me in french while removing the entire files from system!? OMG! I missed something in the 80ies.
-
Windows Terminal/Powershell and Linux shell should never be made accessible for regular inexperienced users. And if they log in as administrator or root, they are 100% responsible for the disaster they create.
I do not understand what users are learning today about administration of an OS?
Learning by Copy&Paste from websites on a productive system? Huh! Makes me shiver.
-
@barbudo2005 said in Fake CAPTCHA websites hijack your clipboard to install information stealers:
There are no such things as free wonders.