
New FileFix attack weaponizes Windows File Explorer for stealthy commands


A cybersecurity researcher has developed FileFix, a variant of the ClickFix social engineering attack that tricks users into executing malicious commands via the File Explorer address bar in Windows.

FileFix, a variation of the social-engineering attack called ClickFix, allows threat actors to execute commands on the victim system through the File Explorer address bar in Windows.

Cybersecurity researcher mr.d0x discovered the new method and demonstrated that it could be used in attacks targeting company employees using simple social engineering techniques.

ClickFix attacks are browser-based and rely on tricking users into clicking a button on a website that copies a command to the Windows clipboard. Users are then instructed to paste the command into PowerShell or another command prompt to fix an issue.

These types of attacks commonly masquerade as CAPTCHAs or errors that prevent the user from using a site without first "fixing" the issue.

Figure: Example of a fake CAPTCHA in a ClickFix attack (Source: SilentPush)

The FileFix divergence

In a ClickFix attack, when users click a website button, a malicious PowerShell command is automatically copied into the Windows clipboard, followed by instructions to paste it into the command prompt through the Run Dialog (Win+R).

mr.d0x found a way to achieve the same goal but by having the target paste the command in the more familiar user interface of Windows File Explorer.
