Embed Notice

HTML Code

<blockquote style="position: relative; padding-left: 55px;"><section><a href="https://infosec.exchange/users/briankrebs/statuses/114160980257383048">BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 14-Mar-2025 22:32:31 JST</a><a href="https://infosec.exchange/@briankrebs" title="briankrebs@infosec.exchange"><img src="https://gnusocial.jp/avatar/21764-48-20231108132353.webp" width="48" height="48" alt="BrianKrebs" style="position: absolute; left: 0; top: 0;">BrianKrebs</a></section><article><p>Called it. Wrote this back in Sept. 2024, about a clever Windows Powershell phishing scam that was targeting developers at the time. It uses a fake CAPTCHA that asks visitors to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Everyone said, bah, devs will never fall for this. Maybe, I said, but your average user would for sure.</p><p>Judging from the number of recent media reports, it appears this one is pretty widespread at the moment.</p><p><a href="https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/" rel="nofollow">https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/</a></p></article><footer><a rel="bookmark" href="https://gnusocial.jp/conversation/4730994#notice-9264677">In conversation</a><time datetime="2025-03-14T22:32:31+09:00" title="Friday, 14-Mar-2025 22:32:31 JST">about a month ago</time> <span>from <span><a href="https://infosec.exchange/@briankrebs/114160980257383048" rel="external" title="Sent from infosec.exchange via ActivityPub">infosec.exchange</a></span></span><a href="https://infosec.exchange/@briankrebs/114160980257383048">permalink</a><h4>Attachments</h4><ol><li><label><a rel="external" href="https://gnusocial.jp/attachment/4298728">The phony CAPTCHA's "verification" steps include:1. Press Windows button + R key
2. Press Ctrl-V
3. Press enter.</a></label><br><a href="https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/160/976/012/619/024/original/7660ca7800fa00a1.png" rel="external">https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/160/976/012/619/024/original/7660ca7800fa00a1.png</a></li></ol></footer></blockquote>

Corresponding Notice

Embed this notice
BrianKrebs (briankrebs@infosec.exchange)'s status on Friday, 14-Mar-2025 22:32:31 JST BrianKrebs
Called it. Wrote this back in Sept. 2024, about a clever Windows Powershell phishing scam that was targeting developers at the time. It uses a fake CAPTCHA that asks visitors to distinguish themselves from bots by pressing a combination of keyboard keys that causes Microsoft Windows to download password-stealing malware. Everyone said, bah, devs will never fall for this. Maybe, I said, but your average user would for sure.
Judging from the number of recent media reports, it appears this one is pretty widespread at the moment.
https://krebsonsecurity.com/2024/09/this-windows-powershell-phish-has-scary-potential/
In conversationabout a month ago from infosec.exchangepermalink
Attachments
1. The phony CAPTCHA's "verification" steps include: 1. Press Windows button + R key 2. Press Ctrl-V 3. Press enter.
  https://media.infosec.exchange/infosec.exchange/media_attachments/files/114/160/976/012/619/024/original/7660ca7800fa00a1.png

Public

Embed Notice

HTML Code

Corresponding Notice