- A researcher has developed a new social engineering attack
- The attack, a variant of the existing clickfix problem, has been called Filefix
- Windows users are at risk, so be on your guard
A new version of the popular social engineering tool Clickfix has been developed, potentially putting Windows users in danger.
A cybersecurity researcher that bears the name Mr. Dox has developed a new version of Clickfix, an attack based on a browser often disguised as Captchas to encourage victims to press a button that then copies an order in the Windows clipboard. From there, users are encouraged to stick the command in an invite to “solve” a problem.
The new tool, nicknamed Filefix, allows cybercriminals to run orders on the victim system via the File Explorer address bar in Windows “- This new attack is a similar premise, but uses Windows File Explorer to create a” highly plausible scenario “.
Sophisticated social engineering
This version of the phishing page is not based on a Captcha, but rather a false notification indicating to users that a file has been sent to them, exhorting them to stick the access path to File Explorer to find it.
This method could most likely be armed to encourage users to download useful malicious charges. “However, there is a drawback to this variation which should be considered,” said Mr.. Dox.
“Microsoft Defender SmartScreen & Google SAFEBROWSING will generally notify users before saving the executables so that more clicks can be necessary for the user to operate it.
The Clickfix attack was used by criminals to bypass antivirus software, with new variants of observed malware targeting macO, Android and iOS users. Any new social engineering attack is dangerous because users will not be wide to the method – so be sure to be wary of unexpected contextual windows and close all the windows you do not trust.
Via Bleeping Compompute
