A malicious PowerShell script capable of stealing Windows user credentials has been published on GitHub, Bleeping Computer reports.
Once on the victim’s computer, the program repeatedly prompts for a username and password and, if they are entered correctly, sends them to a remote server. If the victim makes a mistake or deliberately enters a wrong pair, the script evaluates the credentials as incorrect and demands the real ones.
In its current state, the malicious prompt is easy to tell apart from the native one: it has a distinctive visual feature, a window with a blue ribbon and a picture of a keychain. However, hackers can change the appearance of the prompt, and then it will be harder to tell it apart from the real one.
On the GitHub forum, users warn that the process is reversible only until the username and password pair is entered. To get rid of the script, end the process named Windows PowerShell in Task Manager.
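The cleanup step above can also be done from a separate PowerShell session, which shows more than Task Manager does about each instance before anything is ended. This is an added example, not code from the article or from Bleeping Computer; it assumes the prompt runs under powershell.exe or pwsh.exe, and `$suspectId` is a placeholder the operator fills in.

```powershell
# Added example: list running PowerShell hosts (other than this session)
# with enough context to pick out the one showing the credential prompt.
# Assumption: the script is hosted by powershell.exe or pwsh.exe.
$psHosts = Get-CimInstance -ClassName Win32_Process |
    Where-Object { $_.Name -in 'powershell.exe', 'pwsh.exe' -and $_.ProcessId -ne $PID }

$report = foreach ($p in $psHosts) {
    # The parent process shows how the instance was launched; an interactive
    # admin console usually has explorer.exe or a terminal as its parent.
    $parent = Get-CimInstance -ClassName Win32_Process -Filter "ProcessId = $($p.ParentProcessId)"
    $owner  = Invoke-CimMethod -InputObject $p -MethodName GetOwner

    [pscustomobject]@{
        ProcessId   = $p.ProcessId
        Started     = $p.CreationDate
        User        = if ($owner.ReturnValue -eq 0) { "$($owner.Domain)\$($owner.User)" } else { 'unknown' }
        Parent      = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { 'already exited' }
        CommandLine = $p.CommandLine
    }
}

$report | Sort-Object Started | Format-List

# After reviewing the report, end only the instance that owns the prompt.
# -WhatIf previews the action; remove it to actually stop the process.
# $suspectId = <ProcessId taken from the report>
# Stop-Process -Id $suspectId -Force -WhatIf
```

If credentials were already typed into the prompt, ending the process does not undo that; the password should be changed.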
According to third-party developers, the trick is aimed at inexperienced and inattentive users who pay little attention to the overall appearance of the windows or of the server requesting system data. Such users often become victims of phishing.
In late February, a vulnerability was discovered that allows a single action to cause a Windows “blue screen of death”. All computers running Windows 8.1 and the server edition Windows Server 2012 R2 were at risk.