A community for PC Master Race.
Rules:
Notes:
I just saw this and felt I should share it. I'm sure most people here wouldn't fall for it but it can't hurt to make sure 👍
Edit: I just wanted to add, I have no idea what this tried to copy. I'm using Firefox on Linux which is perhaps why it didn't make it to my clipboard 🤷
I pressed ctrl+r on my laptop and the screen got a bit dimmer, had to press esc to make it go away. What to do to pass the verification?
PS: I am a human, not a robot.
Lol, 99% of Lemmy ain't falling for it. (Everyone here is a computer nerd)
Should I keep a copy of the file that I can then start using again after payment?
Have a blessed day!
Oooo I'm researching this. We call some of them click fix and others clearfake but theyre all fake captcha. Its either from vulnerable wordpress themes or plugins so update ya sites for the love of Torvalds.
They're basically a method for infostealers to get downloaded onto the device. They're kinda nasty and some lead to ransomware if youre really unlucky. The usual payload is intended to leach off an individual and steal passwords, crypto addresses, etc, but as soon as they find out you're an organisation computer, they use your machine for initial access and potential further compromise.
Most people don't run these but I've seen at least 3 people who have and tbh usually antivirus stops the 2nd stage payload. So make sure Defender antivirus is turned on, and maybe consider blocking newly registered domains using ad block if you are more tech savvy. Remind your grandparents and young siblings to never do anything with Win+R or disable it on their pc if you know how. Infostealers are nasty and having one on the family pc will hurt every member of the family.
My brother ran into this while car shopping on a reputable Utah based Toyota dealership's website. It was a powershell script that downloaded and executed something from a base64 encoded Bitly URL. Bitly took down the URL so we couldn't see where it was redirecting.
It seems like attackers are embedding this in vulnerable legit websites
Yeah, some wordpress themes have vulnerable bits that allow attackers to inject cross site scripting attacks into the page via various methods. Some have pivoted to using wordpress plugins which is a newer method I don't entirely understand yet.
Thanks, that's very interesting to know. I assumed it was just a malicious site before.
If your web browser tells you to do something outside of your web browser, you shouldn't.
Please check your phone for the verification code we sent you 🤣🤣🤣🤣🤣
I get my messages in my browser though
Many non tech users wouldn’t even realize they were leaving the browser.
Non tech users...like the Amish?
I meant “non tech literate” but I’ll own it at this point 🤣
Microsoft verification needed! Please insert penis in hole and pull lever.
Easily stopped by using Ad Blockers.. Now if only chrome wasnt trying to kill ad blockers
Someone having a virus on their computer doesn't prevent them from giving Google ad revenue.
I think Microsoft should add a warning before allowing pasting into the Run dialog for the first time. Similarly like they already have in Edge's console
Hot take, win+r should be disabled by default and have an option to enable. Probably 99% or more of users will never use the run dialogue
Disagree, mostly because half the time I WinR is when I'm trying to fix someone else's PC, and getting to the settings is half the problem.
Linux does this better by defaulting to files not being executable, versus Windows needing the downloading software to apply a specific "downloaded file" flag to trigger a notice about potentially unsafe files.
You could make a lot of the commands available by default much less dangerous. Stuff like requiring using protected screens more (like UAC and ctrl+alt+del) for enabling the risky stuff.
Also, sandboxing by default would do even more to prevent the worst dangers.
powershell has that too
This tactic is so old, but it weaponizes the annoying ubiquity of capchas. People just want to get to where they're going, so they click the squares and do the dance to get past the seemingly arbitrary barriers.
This technique shows up on !cybersecurity@sh.itjust.works every few weeks as the initial attack vector for some new RAT.
Honestly having Win-R enabled in home edition is a bad default.
Agree. It's usually used just to run cmd, which then does the same thing but also shows output and allows for interactive CLI. Linux does it right with Ctrl+Alt+T.
Didn't work. Hmm, maybe I should install Wine first.
You click the link, it copies bad code, then asks you to paste the code on a privileged terminal window and hit run.
I saw this a week sometime ago and I had to explain it to all my family members. Evilness.
Easily defeated by not giving users root access.
Taking away admin access on my mother's windows machine was one of the best decisions I made. Along with moving her to Ubuntu after she ran without admin 'which she had to have' (even though all it let her do was fuck up her computer). Saved so many hours reinstalling or disinfecting her machine.
Lucky for me, my mom doesn't know what the windows key is.
Installed adblockers for all of my non techy family members
Legit question- who is this for? I can't imagine anyone getting to PC Master Race on Lemmy that would fall for something this obvious.
There's a ton of IT workers on lemmy (go figure). Being aware of the current scams is quite valuable, since it means both that you can warn your users and you know what to look for when they inevitably ignore your warning and do it anyways.
Useful for someone like me who saw this in All. You know the "Granny lowers her glasses and peers into the computer screen" meme? That's me, except I have progressive lenses (to match my politics) so I leave my glasses up.
There are two types of grandmas:
You maybe not, your family? All your friends/coworkers/etc? Talk about scams with people, lots of people use PCs without knowing what is and isn't safe.
Some of us sort by All, so it's a random chance of seeing this
Hi. That's me. I came from all.
I'm also not a complete dumbass, but i appreciate the post, b/c some of my family could BSoD a pocket watch
I love this saying, but I think it meant a lot more before smartwatches.
I specifically choose pocket watch because the odds of it being smart are very low lol
windows key+r to open the "run" dialog
lol nope!
I came across this yesterday. It was right after a run of the mill "I am not a robot" message.
Anyone falling for this lacks a basic understanding of technology, and should not be near the Internet unsupervised until they do. Regardless of age - plenty of young folk blindly walking into shit too.
If you know people like this - please teach them. If you can't teach them, at least set them up with foolproof tools. A non-chromium browser and ublock origin is a good start. If you've got the know-how, a DNSBL like a pihole (for whole home blocking) or adaway/blokada (for Android) are good additional layers.
And get their data backed up 😬
Could someone just copy the clipboard content into a text editor so one could see what they are trying to do?
I think the problem starts with the windows key.
URL?
Knowing what it's doing would be useful and people who have the ability to reverse engineer this can work on a fix or filter.
motorandwheels(dot)com
I've also noticed, it doesn't always come up but let me know if it does for you.