- A researcher has developed a new social engineering attack
- The attack, a variant of the existing ClickFix issue, has been called FileFix
- Windows users are at risk, so be on your guard
A new version of popular social engineering tool ClickFix has been developed, potentially putting Windows users at risk.
A cybersecurity researcher who goes by the name mr. dox has developed a new version of ClickFix, a browser-based attack often disguised as captchas to trick victims into pressing a button which then copies a command to Windows Clipboard. From there, users are encouraged to paste the command into a prompt to ‘fix’ an issue.
The new tool, dubbed FileFix, allows cybercriminals to execute commands on the victim system through the File Explorer address bar in Windows,” – this new attack is a similar premise, but uses Windows File Explorer to create a ‘highly plausible scenario’.
Sophisticated social engineering
This version of the phishing page is not based on a captcha, but rather a fake notification telling users a file has been sent to them, urging them to paste the path into File Explorer to find it.
This method could quite possibly be weaponised to trick users into downloading malicious payloads. “However, there is a downside to this variation that should be considered,” argues mr. dox.
“Microsoft Defender SmartScreen & Google Safebrowsing will usually warn users prior to saving executables so more clicks might be required from the user to make it work. However, I still included this method in case someone finds a good use for it or wants to use in a different social engineering scenario”
The ClickFix attack has been used by criminals to bypass antivirus software, with new malware variants observed targeting macOS, Android, and iOS users. Any new social engineering attack is dangerous as users won’t be wide to the method – so be sure to be wary of any unexpected pop-ups and close any windows you don’t trust.
Via BleepingComputer
Leave a comment