Several clients recently obtained a fresh phishing email alerting them to critical security vulnerabilities in their software. Visitors clicking on links seeking additional information are being tricked into revealing their human identity by pressing a unique combination of keyboard buttons, inadvertently allowing malicious software to infiltrate their devices and steal sensitive passwords. While it’s improbable that most programmers were duped by this scam, its prevalence is concerning, given that less sophisticated versions of it can prove far more lucrative for unsuspecting Windows users.
Chris recently received an email purportedly from GitHub’s security team, which he obtained this week, cautioning him with the message: “Warning: Unauthorised access detected on your account. Please click here to secure your account immediately.” Now that we’ve identified a potential security risk within your digital archive, immediate action is required to mitigate the threat and prevent unauthorized access or data breaches. For more information on resolving this issue, please visit our website at https://github.com.
Upon clicking on a specific link, users are redirected to an online webpage that prompts customers to verify their human identity by successfully completing an unconventional CAPTCHA challenge.
This malware attack disguises itself as a seemingly innocuous CAPTCHA, attempting to deceive individuals into unwittingly revealing their vulnerabilities.
Upon clicking the “I’m not a robot” button, a verification prompt appears, requiring users to complete three consecutive actions that demonstrate their human nature. Concurrently pressing the keyboard key, Windows icon, and the letter “R” opens a Windows “Run” dialog box that enables execution of any installed program on the system.
Upon executing these keystrokes, a vulnerability in Windows PowerShell is exploited, allowing malicious actors to inject and execute password-harvesting malware.
Consumers are tricked into executing a nefarious action by simultaneously pressing the “Control” key and the “V” button, thereby allowing harmful code to be pasted from the site’s digital clipboard.
Upon pressing the “Enter” key in Step 3, Windows launches a command that retrieves and executes a malicious file from github-scanner.com, designated as “.”.
PowerShell is a robust, cross-platform automation tool deeply integrated within Windows, enabling administrators to streamline tasks and manage multiple computers across the same network with ease.
The malware scanning service detected a malicious file, dubbed, which was downloaded via copied text, and its purpose is to steal any stored credentials from the affected computer’s system.
While this phishing campaign may have had limited success among programmers familiar with basic Windows shortcuts, the average user might still fall prey to its deception, as they may not instinctively recognize the combination of pressing the Windows key and “R” to access the Run dialog or the use of Ctrl-V to paste clipboard content.
I propose that employing this identical tactic could successfully deceive some of my less technologically adept colleagues and relatives into unwittingly installing malware on their computers. I’d hazard that few, if any, among them have even heard of PowerShell, let alone intentionally launched a PowerShell terminal.
Considering these realities, it would be beneficial if a straightforward solution existed to either disable or severely restrict PowerShell for average consumers, thereby minimizing its potential liability.
Despite this, Microsoft nonetheless warns against disabling PowerShell, as certain fundamental system processes may not function properly without it. Tinkering with intricate registry settings, a task that may seem daunting even to seasoned users, is necessary to unlock these additional features.
Despite this, sharing this information with Windows users in your life who may benefit from a more straightforward approach would be harmless. As a consequence of this particular scheme, there is immense scope for innovation and imagination.
