‘FileFix’ Malware Trick Amplifies Interlock Ransomware Threat With Evolved Attack Tactic

 

Cybersecurity researchers have identified a dangerous new twist on the notorious ClickFix malware tactic. The evolved variant—called FileFix—is now being used in active ransomware campaigns.
ClickFix typically lures users by showing them a bogus issue—like a fake CAPTCHA or a misleading virus alert—and then offers a “solution” that involves copying and pasting a command from a compromised website into the Windows Run dialog. This command often triggers the download and execution of malicious software.
However, the new FileFix technique modifies that approach. Instead of using the Run command, it instructs users to paste a string into the File Explorer address bar. Though it appears as a legitimate file path, the string is actually a disguised PowerShell command, cleverly masked using comment syntax.
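A defender-side check for the pattern described above, added here as an example and not taken from the original article: it flags process command lines in which a PowerShell invocation ends in a comment that reads like a file path. The sample command lines are constructed and harmless; the function names and the simplified quoting rules are assumptions.

```python
import re

# Assumption: only PowerShell hosts are inspected, since the article describes
# a disguised PowerShell command. Matches bare, .exe and fully-pathed forms.
INTERPRETER = re.compile(
    r'^"?(?:[a-z]:\\[^"]*\\)?(?:powershell|pwsh)(?:\.exe)?"?(?=\s|$)', re.I)
# Drive-letter or UNC path: the decoy the user believes they are pasting.
PATH_LIKE = re.compile(r'^(?:[a-z]:\\|\\\\)[^<>|"?*]+$', re.I)


def split_comment(cmdline):
    """Split at the first '#' that starts a token outside quotes.

    Simplified quoting model (assumption): plain ' and " pairs only.
    """
    quote = None
    for i, ch in enumerate(cmdline):
        if quote:
            if ch == quote:
                quote = None
        elif ch in ('"', "'"):
            quote = ch
        elif ch == "#" and (i == 0 or cmdline[i - 1].isspace()):
            return cmdline[:i].rstrip(), cmdline[i + 1:].strip()
    return cmdline, None


def is_filefix_like(cmdline):
    """True when a PowerShell command line ends in a path-looking comment."""
    text = cmdline.strip()
    if not INTERPRETER.match(text):
        return False
    _code, comment = split_comment(text)
    return comment is not None and bool(PATH_LIKE.match(comment))


def scan(lines):
    """Return the command lines that match the pattern, in input order."""
    return [line for line in lines if is_filefix_like(line)]


# Constructed samples, shaped like process-creation log command lines.
SAMPLES = [
    r'powershell.exe -c "Write-Output test"     # C:\Users\Public\Documents\report.docx',
    r'pwsh -NoProfile -Command Get-Date # \\fileserver\share\Q3 report.xlsx',
    r'powershell.exe -c "Write-Output #1"',          # '#' inside quotes: not a comment
    r'powershell.exe -File C:\scripts\backup.ps1',   # ordinary admin usage
    r'C:\Users\alice\Documents\notes # draft.txt',   # no interpreter involved
]

if __name__ == "__main__":
    for hit in scan(SAMPLES):
        print("SUSPICIOUS:", hit)
```
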
In recent attacks observed in the wild, executing this PowerShell string installs a PHP-based version of the Interlock Remote Access Trojan (RAT). Once active, the RAT performs a range of actions—scanning system and network configurations, identifying backup systems, navigating through local file directories, probing Active Directory environments, and even inspecting domain controllers.
Eventually, the RAT leads to the deployment of the Interlock ransomware encryptor.
[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
