SubtitleCat Website new Malware Alert
2025-10-12 21:00:26

I was just searching the subtitle cat website for something not available here when a new nasty bit of malware I'd never seen before popped up. Subtitle cat has massive amounts of spam and popups which are pretty well if not entirely blocked by the 3 pop blockers I use. But a popup appeared saying I need to accept or reject their cookie policy. I closed it, but got curious so investigated further when it popped up again. When you press either the accept or reject button you get another popup saying they need to verify you're human. The verification "test" involves essentially copying and pasting some disguised "download and install link" with admin authority. But the way they try to manipulate you to do it by pretending you need to follow certain steps to prove you're human is what is sneaky and new.
Re: SubtitleCat Website new Malware Alert
2025-10-13 02:28:52

Thanks for the heads up.
Re: SubtitleCat Website new Malware Alert
2025-10-13 08:56:30

I think Subtitle cat is used by many people here, so thank you for the warning !
Here is what Chatgpt says about this Malware and if you responded were infected what to do
2025-10-13 12:16:42

Yes — this malware has already been reported and analyzed. It’s part of a deceptive campaign using fake CAPTCHA prompts to trick users into executing clipboard-injected PowerShell scripts via the Windows Run dialog.
What This Malware Does
- Fake CAPTCHA prompt asks users to prove they’re human by:
  - Pressing Windows + R (opens Run dialog)
  - Pressing Ctrl + V (pastes clipboard content)
  - Pressing Enter (executes the command)
- The clipboard is silently loaded with a PowerShell script via JavaScript when the user clicks the CAPTCHA box.
- The script typically downloads and runs Lumma Stealer, Vidar, or StealC — malware designed to:
  - Steal passwords, cookies, and crypto wallet data
  - Exfiltrate browser and system credentials
  - Self-delete after execution to avoid detection
Technical Details
- The script may appear benign (e.g., “I am not a robot – Verification ID”) but hides a Mshta or PowerShell command beyond the visible Run box width.
- It’s often triggered by visiting malicious streaming or download sites, especially those spoofing legitimate services.
- The malware uses JavaScript clipboard injection to preload the payload without user awareness.
What to Do If You Encountered This
If you followed the steps (Win+R → Ctrl+V → Enter), take these actions immediately:
- Disconnect from the internet
- Run Microsoft Defender Offline Scan:
  Windows Security → Virus & threat protection → Scan options → Offline scan
- Use Malwarebytes or ESET Online Scanner for deeper inspection:
  - Malwarebytes
  - ESET Online Scanner
- Change all passwords, especially for email, banking, and social media
- Review installed programs:
  Control Panel → Programs and Features → Look for unfamiliar entries
- Consider a factory reset if you suspect lingering compromise
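
A triage check for the paste-into-Run trick described in the post above, added here as an example and not part of the original thread or of the quoted answer: it reads the current user's Run-dialog history (the RunMRU registry key on Windows) and flags entries that match the described pattern. The 40-character visible width, the scoring rule and the sample strings are assumptions constructed for illustration.

```python
import re
import sys

RUN_BOX_VISIBLE_CHARS = 40  # assumption: rough number of characters the Run box shows
SCRIPT_HOSTS = re.compile(r"\b(mshta|powershell)(\.exe)?\b", re.I)  # hosts named in the post
LURE_TEXT = re.compile(r"not a robot|verification id|captcha", re.I)
RUN_MRU = r"Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU"

# Constructed, inert sample entries (not taken from any real incident).
SAMPLES = [
    "notepad",
    "powershell",
    "mshta https://example.invalid/placeholder    I am not a robot - Verification ID: 0000",
]

def assess_run_entry(command):
    """Return the reasons a Run-dialog entry resembles a fake-CAPTCHA paste."""
    reasons = []
    if SCRIPT_HOSTS.search(command):
        reasons.append("script-host")
    if LURE_TEXT.search(command):
        reasons.append("lure-text")
    if len(command) > RUN_BOX_VISIBLE_CHARS:
        reasons.append("wider-than-run-box")
    if re.search(r"https?://", command, re.I):
        reasons.append("remote-url")
    return reasons

def is_suspicious(command):
    """Flag a script host combined with at least one other indicator."""
    reasons = assess_run_entry(command)
    return "script-host" in reasons and len(reasons) >= 2

def read_run_mru():
    """Windows only: return the current user's Run-dialog history."""
    import winreg  # imported here so the classifier also runs on other platforms
    entries = []
    try:
        with winreg.OpenKey(winreg.HKEY_CURRENT_USER, RUN_MRU) as key:
            for i in range(winreg.QueryInfoKey(key)[1]):
                name, value, _ = winreg.EnumValue(key, i)
                if name != "MRUList":  # MRUList only records ordering
                    entries.append(str(value).removesuffix("\\1"))
    except FileNotFoundError:
        pass  # the key is absent when the Run dialog has never been used
    return entries

if __name__ == "__main__":
    history = read_run_mru() if sys.platform == "win32" else SAMPLES
    for entry in history:
        verdict = "SUSPICIOUS" if is_suspicious(entry) else "ok"
        print(verdict, assess_run_entry(entry), entry[:80])
```

A clean result only means nothing matching was typed into Run under this user account; it does not replace the offline scan and password changes listed above.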
Re: Here is what Chatgpt says about this Malware and if you responded were infected what to do
2025-10-13 18:17:14

Wow... That would make IT guys laugh a lot, but I'm sure a lot of people would run in it... sometimes, hackers don't have to use complex vectors...
For those who don't know, these keys will allow the attacker to do what he wants on your computer.