SCR? Ah, yes, this is an old attack. Those are EXE files internally. They are supposed to be the programs that are run when the screen saver function is activated - but in practice, you can run one at any time just by double-clicking on it. It's a perfectly normal executable; it's just that many people wouldn't expect one to reside in a file that doesn't have an EXE extension.
(Well, in fact many people wouldn't see the extension at all, because by default Windows doesn't display them.)
VessOnSecurity
npub1gx…7tun6
2025-10-08 16:17:38 UTC
in reply to nevent1q…xlmu
Author Public Key
npub1gxa39sc7wtpmatdx9rkplkplaquyug2vfhk23dl54slsnmuzf45sh7tun6Seen on
wss://relay.momostr.pinkPublished at
2025-10-08 16:17:38 UTCEvent JSON
{
"id": "5f53250e6d1cd58afe3f5d47964c160701ba1a5a3190dff47b3fc2c2d17a498a",
"pubkey": "41bb12c31e72c3beada628ec1fd83fe8384e214c4deca8b7f4ac3f09ef824d69",
"created_at": 1759940258,
"kind": 1,
"tags": [
[
"p",
"662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d"
],
[
"e",
"21d4a6bc3556d35ac41d226fd40e0ba74ed110a69d06bd30b02b65d3e6efcfa3",
"",
"reply",
"662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d"
],
[
"e",
"20ef97f7f9a1d4d57f1a747e1b194175a7055eb3d7e370f2861de44c3661c05b",
"",
"root",
"662250ce4d037de109a64a6a0230f7899f922b76346388b3e7ca06fe9490358d"
],
[
"proxy",
"https://infosec.exchange/@bontchev/115339444811873718",
"web"
],
[
"proxy",
"https://infosec.exchange/users/bontchev/statuses/115339444811873718",
"activitypub"
],
[
"L",
"pink.momostr"
],
[
"l",
"pink.momostr.activitypub:https://infosec.exchange/users/bontchev/statuses/115339444811873718",
"pink.momostr"
],
[
"-"
]
],
"content": "SCR? Ah, yes, this is an old attack. Those are EXE files internally. They are supposed to be the programs that are run when the screen saver function is activated - but in practice, you can run one at any time just by double-clicking on it. It's a perfectly normal executable; it's just that many people wouldn't expect one to reside in a file that doesn't have an EXE extension.\n\n(Well, in fact many people wouldn't see the extension at all, because by default Windows doesn't display them.)",
"sig": "973a7fe14089df133d925b33b67ba4ffd86f9c5edd76bd3a19548a963af91ddcabd29ac3f38f980b278c3c88c1046a55022aa77ca73363a47ca4e5cf5fb76816"
}