SKar 0 Posted February 4 Share Posted February 4 Hello Forum, I have an HP Windows 11 laptop and I have been using ESET for a couple or more years. Recently I let a friend who studies Cyber Security go into her virtual campus and see downloades a word file that seemed legit to ESET which had some infomration that "interested" me. She closed the tab, then I used the computer, and when I opened it, it was in recovery mode! Anyway I followed the instructions, checked the system, unlocked and when it booted I saw a (Microsoft) power automate Chrome extension installed. I didn't see when the extension got installed (or how) but the file, upon further inspection by ESET appeared benign. I imagine the power automate script activated somehow the Push Button Reset and that activated the BitLocker. Any ideas how that might have happened? Quote Link to comment Share on other sites More sharing options...
Administrators Marcos 4,609 Posted February 5 Administrators Share Posted February 5 Please upload the Word document to https://www.virustotal.com to see if it's detected by other vendors and post a link to results here. Quote Link to comment Share on other sites More sharing options...
itman 1,510 Posted February 5 Share Posted February 5 (edited) Windows Power Automate tool is built into Win 11. It is also a dangerous tool if an attacker can get access to the local device: https://www.wired.com/story/windows-11-power-automate-attack/ . Additional ref.: https://www.vectra.ai/learning/power-automate . Edited February 5 by itman Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.