javascript, security, malware, phishing

Just opened an HTM file with the following code, is it dangerous?


I received an email from an unknown person and opened an htm file in the attachment. The following code executed:

<frameset onpageshow="document.location.replace(window.atob('aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg'));"> 

Did I just execute something that could harm my computer?

Thank you,

Thomas


Solution

  • It may be dangerous to open email attachments received from untrusted sources, in general.

    In your code, in particular, the following is happening:

    • The window.atob API is called to decode the base64-encoded string aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg. See https://developer.mozilla.org/en-US/docs/Web/API/atob for the API reference.
    • Using a free online base64 decoder (https://www.base64decode.org/, for example), you may translate aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg and get https://musk.btcdonatver.site/?2447558 .
    • On opening this page, your browser may navigate to that URL; see the document.location.replace API call.
    • Now, it depends on what https://musk.btcdonatver.site/?2447558 is doing.

    Please do not open attachments from unknown people and untrusted sources. They may contain malicious content, phishing, and content that may otherwise do damage.
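
The decoding steps walked through in the answer can be done offline, without opening the attachment in a browser or pasting it into a website. The following is an added example, not part of the original question or answer: a Node.js script that reads the attachment as plain text, decodes every literal `atob(...)` argument, and reports whether it feeds a navigation call. The names `findEncodedRedirects` and `defang` and both regular expressions are this example's own; the sample input is the line quoted in the question.

```javascript
'use strict';
// Static triage of an HTML attachment: the markup is treated as text only,
// nothing in it is rendered or executed.

// atob('...') or window.atob("...") with a literal base64 argument.
const ATOB_CALL = /\batob\s*\(\s*(['"])([A-Za-z0-9+/=\s]+)\1\s*\)/g;
// Calls that turn a decoded string into a page navigation.
const NAV_SINK = /\b(?:location\.(?:replace|assign|href)|window\.open)\b/;

// Rewrite a URL so it cannot be clicked or auto-linked in a ticket or report.
function defang(url) {
  return url.replace(/^http/i, 'hxxp').replace(/\./g, '[.]');
}

function findEncodedRedirects(html) {
  const findings = [];
  for (const m of html.matchAll(ATOB_CALL)) {
    // Padding spaces inside the encoded value are common, so trim the result.
    const decoded = Buffer.from(m[2], 'base64').toString('utf8').trim();
    let host = null;
    try { host = new URL(decoded).hostname; } catch { /* decoded text is not a URL */ }
    // Check the text just before the atob call for a navigation sink.
    const context = html.slice(Math.max(0, m.index - 120), m.index);
    findings.push({
      encoded: m[2],
      decoded,
      host,
      feedsNavigation: NAV_SINK.test(context),
      defanged: host ? defang(decoded) : null,
    });
  }
  return findings;
}

// The attachment body quoted in the question, embedded as an inert string.
const SAMPLE =
  `<frameset onpageshow="document.location.replace(window.atob(` +
  `'aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg'));">`;

console.log(JSON.stringify(findEncodedRedirects(SAMPLE), null, 2));
```

A finding with a non-null `host` and `feedsNavigation: true` means the file exists only to redirect the browser; the defanged form is the one to paste into a report or block list.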