#pastejacking
Injected script in a page from a legitimate but compromised website.

The CAPTCHA-style "Verify You Are Human" page hijacks a viewer's clipboard on a vulnerable Windows host, and it asks viewers to paste script (from the clipboard) into a Run window. This is PowerShell script that is designed to infect a Windows host with malware.

Traffic from an infection filtered in Wireshark.

Self-signed certificate seen on the C2 server for post-infection traffic using HTTPS TLSv1.0.

2025-04-04 (Fri): Social media post I wrote for my employer on other platforms. #KongTuke script in pages from legitimate websites leads to fake #CAPTCHA pages and #ClipboardHijacking / #pastejacking. These pages ask users to paste script into a Run window. Latest info at github.com/PaloAltoNetw...
