Tiktok channel tricking people into running powershell and unknowingly downloading malware.

[cartel]

https://www.youtube.com/watch?v=03FPDBjpsKo

only reason why I posting this is because at 17:02 this malware speciffically mentions palemoon or moonchild software so I thought I'd pass this along. On a side note I have forbidden powershell from running on my system years ago.

[cartel]

If you dont use powershell you can make sure nothing like this ever happens

gpedit.msc

[Moonchild]

What browser/software people have installed and/or use is irrelevant if they are tricked into pasting scripting into a command-line. Convince the user's grey matter and all bets are off.

[vannilla]

at 17:02 this malware speciffically mentions palemoon or moonchild software

I have watched the video and the malware mentions it simply because it's scanning the filesystem for web browser profiles. It just means whoever is behind it knows about Pale Moon; I wonder if they also knows about Basilisk?

[cartel]

What browser/software people have installed and/or use is irrelevant if they are tricked into pasting scripting into a command-line. Convince the user's grey matter and all bets are off.

yes but the virus specifically looks for the AppData\Roaming\Moonchild Productions\Pale Moon folder to steal it and send it to the attacker.

[Moonchild]

yes but the virus specifically looks for the AppData\Roaming\Moonchild Productions\Pale Moon folder to steal it and send it to the attacker.

Infostealers try to steal as much as they can. Enough people use Pale Moon for malware authors to have it in their script as a possible target. That doesn't mean it's specifically or exclusively targeting Pale Moon, just that it will grab your Pale Moon profile data if present (along with other browsers' profiles). Just one more location to check for and grab.

[cartel]

yes but the virus specifically looks for the AppData\Roaming\Moonchild Productions\Pale Moon folder to steal it and send it to the attacker.

Infostealers try to steal as much as they can. Enough people use Pale Moon for malware authors to have it in their script as a possible target. That doesn't mean it's specifically or exclusively targeting Pale Moon, just that it will grab your Pale Moon profile data if present (along with other browsers' profiles). Just one more location to check for and grab.

is there a way to have palemoon use a different "custom" directory for the profile location? like AppData\Roaming\Get Fucked\Moonchild Productions\Pale Moon?
that would derail them pretty fast

[RealityRipple]

They'd just read the directory's location from wherever the browser reads it. There's no way to obfuscate or hide a file on a computer that a program needs to be able to access other than with filesystem access/security permissions. You're better off letting the path be known but encrypting the contents with a PBKDF-ish algorithm and password or with an externally stored key. When security is concerned, it's best to assume that anything on the system can be accessed by anything else on the system; the only security comes from external sources like the user.

[Moonchild]

There's no way to obfuscate or hide a file on a computer that a program needs to be able to access other than with filesystem access/security permissions. You're better off letting the path be known but encrypting the contents with a PBKDF-ish algorithm and password or with an externally stored key.

Even that doesn't help if the malware uses the existing user's credentials/session when running its exfiltration, unless the application itself supports encryption that way.

[RealityRipple]

There's no way to obfuscate or hide a file on a computer that a program needs to be able to access other than with filesystem access/security permissions. You're better off letting the path be known but encrypting the contents with a PBKDF-ish algorithm and password or with an externally stored key.

Even that doesn't help if the malware uses the existing user's credentials/session when running its exfiltration, unless the application itself supports encryption that way.

Oh, yeah, I wasn't talking about filesystem encryption. I meant like the browser's Master Password encrypting the password database.

[frostknight]

What browser/software people have installed and/or use is irrelevant if they are tricked into pasting scripting into a command-line. Convince the user's grey matter and all bets are off.

Well, this is a weakness that flashy eye candy like graphics enhances in my personal opinion.

The easier people make computers, hardware and software, the more stuff people can put in the system that have major implications of built in malware. The reason I bring that up, is that this, is not all. You can get away with a lot more than just that!

People start to get more illiterate about tech because of dumbing things down and then they can also fall for the same crap this OP mentioned.

beginner friendly GUIs attract people true, but when you need to learn something a harder way, you usually come out with more knowledge and intelligence, if you can find the patience.

Although some people aren't willing to, so that is a double-edged sword right there.

Intelligence & knowledge are like fail-safes for protecting against gullibility.

Its not always this way, but it is more often true I think.

[Moonchild]

Well, this is a weakness that flashy eye candy like graphics enhances in my personal opinion.

The easier people make computers, hardware and software, the more stuff people can put in the system that have major implications of built in malware. The reason I bring that up, is that this, is not all. You can get away with a lot more than just that!

People start to get more illiterate about tech because of dumbing things down and then they can also fall for the same crap this OP mentioned.

It's funny that you try to argue that.

This problem is not because of dumbed-down GUI developments, at all. In fact, it is because advanced command-line tools that the average user never needs are made available and enabled by default with no barriers for abuse, leaving them wide open for social engineering attacks. So it's actually the opposite: high-tech/advanced tools are causing the vulnerability here, not the GUI created for the average user! So your argument really falls flat on its face in that respect.

[moonbat]

I'd say it's still the user at fault here. 30 years since the internet became commonplace and still we're seeing social engineering attacks of the exact same kind over and over. It's crazy how many otherwise sane and smart people lose all common sense when faced with anything computer related. Of course it takes a special type of cretin to follow such tech tips from random video influencers.

[frostknight]

It's funny that you try to argue that.

This problem is not because of dumbed-down GUI developments, at all. In fact, it is because advanced command-line tools that the average user never needs are made available and enabled by default with no barriers for abuse, leaving them wide open for social engineering attacks. So it's actually the opposite: high-tech/advanced tools are causing the vulnerability here, not the GUI created for the average user! So your argument really falls flat on its face in that respect.

My point was that dumbed down gui makes people more likely to fall for stupid tricks because their mind isn't being put to work enough.

You can disagree of course, which I see you do. I am not sure why you think this, but meh w/e,

Although, high tech advanced tools probably shouldn't be enabled for everyone, that is also true. Because it might be possible those tools are vulnerability. If you are saying that, I can agree to that as well.

[Moonchild]

I'd say it's still the user at fault here.

Oh, absolutely. But I'm just arguing that the point is being made that it's "because people need to work harder to use their user interface so they are aware", which I don't agree with, and highlight the other side, that it's actually not an inevitable result of using a GUI or user-friendly tools, but the fact that you're having free access to advanced tools that can and will screw you over if misused. You can approach that several ways; one being to restrict the user to known-safe tools only (good for kids, for example) but that won't fly for people who don't need that kind of hand-holding. So it becomes complex when you have to deal with a gradient of different users each with their own skills and limits.

I think the issue is lack of education/ignorance; if everyone is given structured education about how to use their O.S. and being pointed to common risks, it raises enough awareness before an exploit takes place, without them needing to become a techie or knowing everything that happens under the hood. The current social norm of raising kids from a young age with computing devices creates a comfort zone for them early on that may not necessarily be safe when translated to "adult" computing, but getting people out of that zone to a safer one will be difficult because they will have to change patterns they have used for years. That's IMHO why it is still an issue after 30 years and in fact has become more of an issue.

[frostknight]

I think the issue is lack of education/ignorance;

Making the GUI easier and easier in my opinion increases that lack but you might be right that its not a huge reason why.

This being said, its possible that multiple things cause that same lack of education and ignorance.

Linux can require a separate password to install software or do things that only admins can do, separate from the user login one.

I think windows should do the same thing personally. As long as the user has control of it of course.

Sometimes guard rails are necessary

if everyone is given structured education about how to use their O.S. and being pointed to common risks, it raises enough awareness before an exploit takes place, without them needing to become a techie or knowing everything that happens under the hood. The current social norm of raising kids from a young age with computing devices creates a comfort zone for them early on that may not necessarily be safe when translated to "adult" computing but getting people out of that zone to a safer one will be difficult because they will have to change patterns they have used for years.

It can hard to change patterns one made as a kid regarding computing. I had a bad pattern when I used windows as a kid of deleting the main folder an application was in to remove it instead of uninstalling it lol.

I was reprimanded for that a few times, for good reason.

So yes, this is a good point that I hadn't thought of.