Techly NewsGet the app

Get the latest tech news

Windows PowerShell Phish Uses Fake CAPTCHA, Downloads Credential Stealer


"Many GitHub users this week received a novel phishing email warning of critical security holes in their code," reports Krebs on Security — citing an email shared by one of his readers: "Hey there! We have detected a security vulnerability in your repository. Please contact us at https://gith...

]com to get more information on how to fix this issue...." Clicking the "I'm not a robot" button generates a pop-up message asking the user to take three sequential steps to prove their humanity. Step 2 asks the user to press the "CTRL" key and the letter "V" at the same time, which pastes malicious code from the site's virtual clipboard. Even though this might fool some users, Krebs points out that Microsoft "strongly advises against nixing PowerShell because some core system processes and tasks may not function properly without it.

Get the Android app

Or read this on Slashdot

Read more on:

Photo of credential stealer

credential stealer

« A Mercedes-Benz Fire May Cloud Korea’s EV Transition
Ming-Chi Kuo survey: Apple’s iPhone 16 series, particularly the Pro models, seems to be facing significant challenges in capturing consumer interest, with potential shifts in consumer loyalty towards Android and older iPhone models. (Link & AI analysis) »