I received an email from an unknown person and opened an htm file in the attachment file. The following code executed :
<frameset onpageshow="document.location.replace(window.atob('aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg'));">
Did I just execute something that could harm my computer ?
Thank you,
Thomas
CodePudding user response:
This sets the window location to
https://musk.btcdonatver.site/?2447558.
Looks like a scam but not sure. Possible wont do any harm unless you do something by visiting to that link.
CodePudding user response:
It may be dangerous to open email attachments received from untrusted sources, in general.
In your code, in particular, the following is happening:
window.atob
API is called to decodeaHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg
base64 encoded string. See https://developer.mozilla.org/en-US/docs/Web/API/atob for the API reference.- Using the free online base64 decoder (https://www.base64decode.org/ for example) you may translate
aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg
and gethttps://musk.btcdonatver.site/?2447558
. - On opening this page your browser may navigate to that URL, see
document.location.replace
API call - Now, it depends on what
https://musk.btcdonatver.site/?2447558
is doing.
Please, do not open attachments from unknown people and untrusted sources. They may contain malicious contents, phishing and content that may do damage otherwise.