Windows PowerShell Phish Has Scary Potential....(you have a dual boot with windows...please read)

Condobloke (Well-Known Member, joined Apr 30, 2017)


I received this mail today for one of my forks, claiming there is a security vulnerability in the code and giving me a link to click; luckily I didn't click it.

[Screenshot attachment: Screenshot_20240920_000616.png]
 
I have a lack of knowledge in this area. Also, I do not dual boot.

If you had clicked that link....(I am assuming you were using Linux when that email arrived..) any nastiness/malware/etc. etc. would have gone nowhere....because Linux does not open stuff of that nature??

Keep in mind I am asking a question here.....not making a statement.

But, if you had a dual boot, and were in Windows at the time you opened the email, and clicked on the link etc. etc....and generally followed the "path"......your Windows install would be infected, ....and the outcome of that??....would be that any email you sent from the Windows side of the dual boot would carry that infection with it?

I am grasping at straws here.....those who have knowledge in this regard, please share.

There are literally hundreds of members here (if not thousands) who dual boot....They NEED to know.
 
Even if I leave mine alone it's still a pain to keep it around, untouched. Just this morning I had a 45-minute Win12 "upgrade" including some BIOS firmware which threatened to brick my 4-month-old/new Dull NoteBook should such a critical procedure fail... So, no fan here.
 
If you had clicked that link....(I am assuming you were using Linux when that email arrived..) any nastiness/malware/etc. etc. would have gone nowhere....because Linux does not open stuff of that nature??
There are two scenarios in which Linux users could be easily affected. One is that PowerShell is cross-platform: you can install it on Linux, and so if the malware is an ELF binary it could run on Linux just fine without needing elevation (root password), and in that case the executable could easily steal GitHub credentials, either from the web browser profile directory or by stealing the private SSH key used to access GitHub, both of which are stored in your /home directory. (Such malware doesn't even need PowerShell on Linux.)

A malicious website could easily detect that you're running Linux from the browser agent and simply offer an ELF binary instead of a Windows executable, but we don't know whether that was indeed the case.
Also, instead of tricking users into pressing CTRL + R, which is Windows specific, Linux users could be tricked into running alternatives such as xdg-open, depending on distro, or into running a command in a terminal, although I highly suspect anyone would buy the trick.

But, if you had a dual boot, and were in Windows at the time you opened the email, and clicked on the link etc. etc....and generally followed the "path"......your Windows install would be infected, ....and the outcome of that??....would be that any email you sent from the Windows side of the dual boot would carry that infection with it?
And that's the second scenario...
It doesn't have to be a dual boot; it could just as well be a virtual machine running Windows which you use to test some library for Windows (e.g. cross-platform development) and then use to publish changes to GitHub.

Most users will surely have a copy of their GitHub credentials and SSH key in Windows for convenience, and in that case their account would be hacked just like any other Windows user's account.

This scenario is even more likely than the previous one.
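A defensive check that follows from this answer, added here as an example (it is not code from the thread or from any project): a POSIX shell audit that looks in a profile directory for the two things the post says such malware would take, a git credential store holding a token in plaintext and an SSH private key without a passphrase. The function names, the AUDIT_DIR variable and every sample file are constructed for the example; it assumes Linux with GNU coreutils (base64 -d, tr). Run it against your Linux $HOME, and against a mounted Windows profile (for example /mnt/windows/Users/<name>) to cover the dual-boot or VM copy the answer describes.

```shell
#!/bin/sh
# Added example, not from the thread: audit a profile directory for GitHub
# secrets that would be stolen by the malware discussed above.
# Assumes GNU coreutils on Linux. All sample data below is constructed.

# Returns 0 if the SSH private key in $1 is protected by a passphrase.
ssh_key_is_encrypted() {
  f=$1
  if grep -q 'BEGIN OPENSSH PRIVATE KEY' "$f"; then
    # New OpenSSH format: the first field after the "openssh-key-v1" magic
    # is the cipher name; "none" means the key material is stored in clear.
    cipher=$(sed '/^-----/d' "$f" | base64 -d 2>/dev/null \
             | tr -cs 'a-zA-Z0-9-' '\n' | awk 'NR==2')
    [ -n "$cipher" ] && [ "$cipher" != "none" ]
  else
    # Legacy PEM format announces encryption in a Proc-Type header.
    grep -q 'Proc-Type: 4,ENCRYPTED' "$f"
  fi
}

# Returns 0 if the git credential store in $1 contains a user:token URL.
git_credentials_in_plaintext() {
  [ -f "$1" ] && grep -Eq '^https?://[^/@]+:[^/@]+@' "$1"
}

# Prints one finding per line for the profile directory $1 (a Linux $HOME or
# a mounted Windows profile) and always returns 0.
audit_profile() {
  dir=$1
  if git_credentials_in_plaintext "$dir/.git-credentials"; then
    echo "PLAINTEXT-GIT-CREDENTIALS $dir/.git-credentials"
  fi
  for key in "$dir"/.ssh/id_*; do
    [ -f "$key" ] || continue
    case $key in *.pub) continue ;; esac
    if ! ssh_key_is_encrypted "$key"; then
      echo "UNENCRYPTED-SSH-KEY $key"
    fi
  done
  return 0
}

# Builds a throwaway profile with constructed sample files and prints its path.
make_constructed_profile() {
  dir=$(mktemp -d)
  mkdir -p "$dir/.ssh"
  # Constructed: credential store with a placeholder token (not a real token).
  echo 'https://octocat:ghp_CONSTRUCTED_PLACEHOLDER@github.com' > "$dir/.git-credentials"
  # Constructed: minimal OpenSSH-format blob whose cipher field is "none".
  {
    echo '-----BEGIN OPENSSH PRIVATE KEY-----'
    printf 'openssh-key-v1\000\000\000\000\004none' | base64
    echo '-----END OPENSSH PRIVATE KEY-----'
  } > "$dir/.ssh/id_ed25519"
  # Constructed: legacy PEM header of a passphrase-protected key (no key body).
  {
    echo '-----BEGIN RSA PRIVATE KEY-----'
    echo 'Proc-Type: 4,ENCRYPTED'
    echo 'DEK-Info: AES-128-CBC,00000000000000000000000000000000'
    echo '-----END RSA PRIVATE KEY-----'
  } > "$dir/.ssh/id_rsa"
  echo "$dir"
}

# Stand-alone use: AUDIT_DIR=$HOME sh audit.sh
#             or: AUDIT_DIR=/mnt/windows/Users/you sh audit.sh
if [ -n "$AUDIT_DIR" ]; then
  audit_profile "$AUDIT_DIR"
fi
```

A finding of UNENCRYPTED-SSH-KEY is fixed with `ssh-keygen -p -f <key>` (adds a passphrase in place); a PLAINTEXT-GIT-CREDENTIALS finding means the token should be revoked on GitHub and the `store` credential helper replaced with one that keeps secrets in the OS keyring.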
 

