SKar, Posted February 4, 2023

Hello Forum, I have an HP Windows 11 laptop and I have been using ESET for a couple or more years. Recently I let a friend who studies Cyber Security go into her virtual campus and she downloaded a Word file that seemed legit to ESET which had some information that "interested" me. She closed the tab, then I used the computer, and when I opened it, it was in recovery mode! Anyway, I followed the instructions, checked the system, unlocked and when it booted I saw a (Microsoft) Power Automate Chrome extension installed. I didn't see when the extension got installed (or how) but the file, upon further inspection by ESET, appeared benign. I imagine the Power Automate script somehow activated the Push Button Reset and that activated the BitLocker. Any ideas how that might have happened?
Marcos (Administrators), Posted February 5, 2023

Please upload the Word document to https://www.virustotal.com to see if it's detected by other vendors and post a link to the results here.
itman, Posted February 5, 2023 (edited)

Windows Power Automate tool is built into Win 11. It is also a dangerous tool if an attacker can get access to the local device: https://www.wired.com/story/windows-11-power-automate-attack/. Additional ref.: https://www.vectra.ai/learning/power-automate.

Edited February 5, 2023 by itman