Phishing, Threat Intelligence
Windows File Explorer exploited in new ClickFix attack variant

BleepingComputer reports that threat actors could leverage Windows File Explorer to execute malicious commands using "FileFix", a new variant of the ClickFix social engineering attack technique.
In a FileFix intrusion, a phishing page displays a notification indicating that a file was shared successfully, along with an "Open File Explorer" button. The button triggers File Explorer and copies the malicious PowerShell command to the clipboard, according to cybersecurity researcher mr.d0x, who identified the technique. A dummy file path concatenated within the command conceals the malicious string before File Explorer executes it, said mr.d0x, who noted that the technique's simplicity could appeal to threat actors.
The discovery comes amid the growing popularity of ClickFix attacks, with North Korean state-backed hacking operation Kimsuky having used the technique to spread malware. Hospitality workers have also been compromised with information-stealing malware and remote access trojans as part of a ClickFix campaign that spoofed Booking.com.