A cybersecurity expert has developed FileFix, an evolution of the ClickFix social engineering attack, which uses the Windows File Explorer address bar to run hidden malicious commands.
Unlike traditional ClickFix techniques—where users are duped into pasting harmful code into PowerShell—FileFix lures victims into copying a disguised PowerShell command into File Explorer under the pretense of accessing a shared file. The command is concealed behind a fake file path embedded in a PowerShell comment, so what the victim sees looks harmless while the pasted text still executes dangerous instructions.
The phishing page supporting the attack disables actual file uploads and encourages users to "try again," steering them to follow the attacker's instructions precisely.
ClickFix methods have already been used in serious cyber campaigns, including ransomware deployments and operations by North Korea’s Kimsuky group.
FileFix improves the social engineering angle by utilizing a more familiar interface, which makes users less suspicious. Its simplicity and effective deception make it likely to be adopted by threat actors in future attacks.
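One way to hunt for the pattern described above in process-creation logs (an added example, not code from the researcher or the original article). It assumes events carry Sysmon-style `Image`, `ParentImage` and `CommandLine` fields and that a command run from the address bar is logged with explorer.exe as its parent; the sample events are constructed.

```python
import re

POWERSHELL = {"powershell.exe", "pwsh.exe"}

# A PowerShell comment (#) at the end of the command line whose text
# starts like a drive-letter or UNC path, i.e. the decoy the user sees.
PATH_COMMENT = re.compile(r"#\s*(?:[A-Za-z]:\\|\\\\)[^#]*$")


def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.rsplit("\\", 1)[-1].lower()


def is_filefix_like(event):
    """True when explorer.exe directly starts PowerShell and the command
    line ends in a comment that looks like a file path."""
    return (
        basename(event["ParentImage"]) == "explorer.exe"
        and basename(event["Image"]) in POWERSHELL
        and PATH_COMMENT.search(event["CommandLine"]) is not None
    )


def triage(events):
    """Return the events worth an analyst's attention."""
    return [e for e in events if is_filefix_like(e)]


PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample events; the command is a harmless placeholder.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r"powershell.exe -c Write-Output 'placeholder' # C:\Company\Shared\Report.docx"},
    # User opening a console from the desktop: same parent, no decoy comment.
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PS,
     "CommandLine": r'"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"'},
    # Scheduled script with a path-like comment but a different parent.
    {"ParentImage": r"C:\Windows\System32\svchost.exe", "Image": PS,
     "CommandLine": r"powershell.exe -File C:\Scripts\backup.ps1 # C:\Scripts\backup.ps1"},
    # Explorer opening a document in a non-shell program.
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": r"notepad.exe C:\Users\alice\notes.txt"},
]

if __name__ == "__main__":
    for e in triage(SAMPLE_EVENTS):
        print("suspicious:", e["CommandLine"])
```

Requiring both the explorer.exe parent and the trailing path-like comment keeps ordinary console launches and commented admin scripts out of the results.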
