Home > Mobile >  Just opened an HTM file with the following code, is it dangerous?
Just opened an HTM file with the following code, is it dangerous?

Time:10-06

I received an email from an unknown person and opened an htm file in the attachment file. The following code executed :

<frameset onpageshow="document.location.replace(window.atob('aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg'));"> 

Did I just execute something that could harm my computer ?

Thank you,

Thomas

CodePudding user response:

This sets the window location to

https://musk.btcdonatver.site/?2447558.

Looks like a scam but not sure. Possible wont do any harm unless you do something by visiting to that link.

CodePudding user response:

It may be dangerous to open email attachments received from untrusted sources, in general.

In your code, in particular, the following is happening:

  • window.atob API is called to decode aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg base64 encoded string. See https://developer.mozilla.org/en-US/docs/Web/API/atob for the API reference.
  • Using the free online base64 decoder (https://www.base64decode.org/ for example) you may translate aHR0cHM6Ly9tdXNrLmJ0Y2RvbmF0dmVyLnNpdGUvPzI0NDc1NTgg and get https://musk.btcdonatver.site/?2447558 .
  • On opening this page your browser may navigate to that URL, see document.location.replace API call
  • Now, it depends on what https://musk.btcdonatver.site/?2447558 is doing.

Please, do not open attachments from unknown people and untrusted sources. They may contain malicious contents, phishing and content that may do damage otherwise.

  • Related