Details:
In Red Canary Intelligence Insights: October 2024, a new phishing technique called "Paste and Run" is discussed, where victims are tricked into opening the Windows Run dialog and pasting a PowerShell command to initiate an infection chain. This update introduces a new atomic test that replicates this technique by simulating a user pressing Windows + R, pasting the encoded PowerShell command, and executing it with Enter. This addition follows up on the recent findings discussed in my blog, which covered similar tactics in a fake CAPTCHA campaign delivering Lumma Stealer on Arabic pirated movie sites.
Testing:
https://github.com/user-attachments/assets/aa26bccf-1cb7-4f11-a461-20204b7f712c
Associated Issues: