It seemed odd to me that a Web site could write to or read from the clipboard without the user approving it. That would be a pretty obvious security and privacy issue. From what I gather, on Chrome sites can write to the clipboard without approval, but they need approval to read.
On Firefox and others any access requires permission. Thus this exploit seems limited to Chrome users.@SkaveRat pointed out that it doesn’t require permission, only interaction. So likely there’s a button that’s clicked that writes to the clipboard, and most browsers are susceptible to this.
not when there was a user intent like clicking a button.
For example in this screenshot, it’s likely that there’s only the “verify I’m human” button first, you click it, the steps pop up, and at the same time the command ist copied into your clipboard
Exactly, copy requires a click but there’s no rule that the copy button has to look like anything particular
It doesn’t necessarily need a click - it can be triggered by a keypress too (eg at my workplace we have a few internal pages where you can press a keyboard shortcut to copy a shortened URL for the current page).
It has to be something the browser considers a user interaction, meaning the user has expressed an intent to perform the action. That’s usually a button press or keypress.
Why isn’t the default behavior for browsers to not allow access to the clipboard? Similar to how it prompts you for access to camera/microphone
Edit: On a per-site basis, like if you use the Zoom website it asks you for access to the webcam, would something like this work for clipboard as well or would it break stuff?
its not working, my krunner bind is windows+d
We now need a “verify you are a captcha” mechanism to counter this.
This is actually pretty smart because it switches the context of the action. Most intermediate users avoid clicking random executables by instinct but this is different enough that it doesn’t immediately trigger that association and response.
That’s a sneaky one.
You’re probably sarcastic but
paste this random line in the run prompt (or what’s it called) and run it
sneaky
Hmm
It opens the run dialog, which I’m sure the vast majority of Windows users have never heard of. This would trick a lot of people who just trust whatever their computer asks them to do.
It’s not sneaky, it’s just people are morons and fall for the simplest shit
Not everyone knows everything. Actually, nobody does.
Computers simply became an easily available necessity, thus you get a lot of computer-illiterate people using computers.
Perhaps it would’ve been fairer to say that they’re morons when it comes to computers
Kinda like you when it comes to social interaction?
Fairer to call at least 80% of people morons because they don’t know one specific computer feature that is mainly used just by IT people?
Seems like the only moron here is you.
Of course it’s fairer. Before it meant that they’re all around idiots. Now it just says they’re idiots when it comes to computers. There might be aspects they’re not idiots in, but if they’re running random commands, computers isn’t one of them.
Seems like the only moron here is you.
Not when it comes to computers but in some other things for sure
Please show some empathy for those who are not as tech literate as you are. Elitism doesn’t look good on you, friend.
I cant believe they made captcha that only works on windows
This reminds of when I was 13 I used to tell my opponents in Warcraft 3 that pessing alt+q+q quickly reveals the map. It’s a shortcut for closing the game. Worked way to many times
I do see this working
I tried it and it’s not working for me, my terminal is super+T and paste is Ctrl+Shift+V
Ooooohhh… Been using Ubuntu and Mint next to Windows for a couple years and always right-clicked to paste. So that’s the secret sauce!
So inventive these guys. If only we could harness that ingenuity for the common good instead, it would have a huge impact.
Uber
Airbnb
Bitcoin?
LLMs?
Usually I warn my 81 year old dad about these scams. Don’t think I need to worry about this one, he wouldn’t be tech savvy enough to find the windows button
When I saw a women get hacked aftermath. They installed remote access software, however in her downloads you could see the 10 duplicates.
The scum fuck scammer on the phone had to spend at least 45 minutes trying to get them to navigate to their downloads and run the installer.
Our elders are safe from this one lol
Anybody got more info on the actual payload?
powershell.exe -eC [payload_w_base64]is mentioned here.-eCjust means encoded command afaik.deleted by creator
Failed to execute child process: “calc.exe” (No such file or directory)… hehe
Ok, that is kind of clever.
Though I suppose even the dumbest user will chicken out once the terminal pops out.
With that shortcut only a tiny run window will appear and not the scary terminal
Wouldn’t it require elevation?
Yet another example of why running as root/admin is a Bad Idea©
Yes. The prompt asking you if you wanted to do it or not would come up next. Unless they figured out some sneaky way to do something to avoid using admin.
90% of users when they are presented with the UAC popup when they do something:
“Yes yes whateverrr” <click>
🤷♂️ people are going to take the path of least resistance
