Techradar - All the latest technology news

Windows users warned of major security issue - here's why FileFix attack could be a big concern

Researchers uncover a new social engineering attack that could target Windows users.

Jun 25, 2025 - 16:12
 0
Windows users warned of major security issue - here's why FileFix attack could be a big concern
  • A researcher has developed a new social engineering attack
  • The attack, a variant of the existing ClickFix issue, has been called FileFix
  • Windows users are at risk, so be on your guard

A new version of popular social engineering tool ClickFix has been developed, potentially putting Windows users at risk.

A cybersecurity researcher who goes by the name mr. dox has developed a new version of ClickFix, a browser-based attack often disguised as captchas to trick victims into pressing a button which then copies a command to Windows Clipboard. From there, users are encouraged to paste the command into a prompt to ‘fix’ an issue.

The new tool, dubbed FileFix, allows cybercriminals to execute commands on the victim system through the File Explorer address bar in Windows,” - this new attack is a similar premise, but uses Windows File Explorer to create a ‘highly plausible scenario’.

Sophisticated social engineering

This version of the phishing page is not based on a captcha, but rather a fake notification telling users a file has been sent to them, urging them to paste the path into File Explorer to find it.

This method could quite possibly be weaponised to trick users into downloading malicious payloads. “However, there is a downside to this variation that should be considered,” argues mr. dox.

“Microsoft Defender SmartScreen & Google Safebrowsing will usually warn users prior to saving executables so more clicks might be required from the user to make it work. However, I still included this method in case someone finds a good use for it or wants to use in a different social engineering scenario”

The ClickFix attack has been used by criminals to bypass antivirus software, with new malware variants observed targeting macOS, Android, and iOS users. Any new social engineering attack is dangerous as users won’t be wide to the method - so be sure to be wary of any unexpected pop-ups and close any windows you don’t trust.

Via BleepingComputer

You might also like

Read More

Tags:

Previous Article

Bitcoin-stocks correlation signals USD fragility and not risk-on fervor

Next Article

Good News! Caffeine Might Help Your Cells Live Longer

Related Posts

No, those amazing deals on Facebook aren't real - it's a scam, and here's how to spot it

No, those amazing deals on Facebook aren't real - it's ...

Jun 12, 2025  0

Trump administration scuppers plan to stop data brokers from putting Americans’ sensitive data up for sale

Trump administration scuppers plan to stop data brokers...

May 19, 2025  0

Remember that mysterious RTX 5080 GPU with an SSD slot? Well, turns out Asus has a plan for it, and of course it involves AI and LLM

Remember that mysterious RTX 5080 GPU with an SSD slot?...

Jun 18, 2025  0