JRaccoon

The website (Telegram in this case, but can be any website) adds a specifically crafted text to the clipboard and then tricks the user into pasting that text into the Windows Run dialog, which can be used to execute any command(s), basically like a command prompt.

The text the attacker places in the clipboard is actually a command to download and execute an executable file from the internet, giving the attacker remote access to the system or whatever the payload happens to be.

It’s a pretty clever trick. Perhaps MS should consider adding a warning before allowing pasting into the Run dialog or cmd for the first time. They already have this in the Edge browser console.

Yeah I get that, but why return that information in the HTTP response?

Interesting read. One thing I don’t fully get is why does Cloudflare have the airport code in the response headers anyway? I cannot think of a single reason to have it in the response.

the malicious package was added to PyPi last year in June and has been downloaded 885 times so far.

That’s a pretty long time to go undetected. Makes you wonder how many other similar packages there currently are, yet to be discovered, in PyPi, npm and others.

I’ve learned that over in the EU, people can actually re-sell their games on Steam.

Unless I’ve totally missed something, this is (sadly) not true.

The original Super Mario Bros. and SMB 3. The first console I got to play as a child was the NES at my grandparents’ house. Every couple of years I get a nostalgic craving and it’s usually those two games I return to. Also, there are many great rom hacks available if getting bored of the originals.