Kevin RussellJul 6, 2023

WARNING: Phishing Attacks, HTML markup to hide urls, are now in Mastodon.

While Mastodon does not have markup to allow hiding urls, they share API with "friendica" and friendica ALLOW HIDING URLS.

And friendica accounts can post on Mastodon.
I have asked for a solution, none is forthcoming.

Click NO LINKS that come friendica. Be wary of links on Mastodon, as if Mastodon were "email" - without any protections.

Multiple reports of other fediverse branches allow hiding urls. No Clicking links

Show threadfuomag9Jul 6, 2023
@kevinrns do you have any example/POC of this?
Show threadKevin Russell

@fuomag9

This post has, what I assume, but do not trust, a perfectly safe url behind the blue html markup.

Now add mastodon editing to hidden urls.

"The first five urls he used, behind the hiding html, were fine, no malware, just porn pop ups," a security researcher might say, "until the sixth and seventh edit, then it was ransomware."

https://mstdn.social/@hankg@friendica.myportal.social/110664223061565419

Hank G ☑️

I love Star Trek INtakes. This one has several. #StarTrek #StarTrekInTakes #humor #funny #GeekHumor

Jul 6, 2023 at 10:15pmWeb