FileFix: A New Attack Hides Malware in Plain Sight
a day ago
- #phishing
- #cybersecurity
- #steganography
- Researchers discovered a rare in-the-wild FileFix campaign, the first observed outside proof-of-concept demonstrations.
- FileFix is an evolution of ClickFix attacks, which surged by over 500% recently.
- Unlike ClickFix, FileFix abuses file upload dialogs instead of terminals, making it more convincing.
- The campaign uses a highly convincing, multilingual phishing site with anti-analysis techniques.
- Phishing pages were translated into 16 languages and featured obfuscated JavaScript.
- FileFix uniquely employs steganography, hiding PowerShell scripts and executables in JPG images.
- The infection chain involves layered obfuscation with multi-stage scripts and encrypted payloads.
- The final payload is a Go-based loader that executes the StealC infostealer, which harvests sensitive data.
- Attack variants evolved rapidly, introducing AI-generated images and XOR-encrypted URLs.
- VirusTotal submissions indicate global reach, targeting countries like the U.S., Germany, and China.
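The image-based hiding described above is easy to miss with a file-type check alone, because the file is still a valid JPEG. The following added example (not code from the article or from the researchers it summarizes) shows one defensive check: walk the JPEG marker structure to find the real End-of-Image marker and report anything appended after it, then look at whether that trailer resembles a PowerShell script or a PE executable. It assumes the payload is appended after the image data, which is one common way of doing this; the page does not state which embedding method the campaign used. The sample JPEG is constructed inline and is not a real image.

```python
"""Added example (not from the article): flag JPEG files that carry data
appended after the End-of-Image marker. Assumption: the hidden script or
executable sits after the image, which the article does not confirm."""
import re
import struct

# Markers with no length field: SOI, EOI, TEM and RST0..RST7.
_STANDALONE = {0xD8, 0xD9, 0x01} | set(range(0xD0, 0xD8))

# Constructed keyword list for spotting script-like trailers.
_SCRIPT_HINTS = re.compile(rb"powershell|invoke-expression|\biex\b|frombase64string", re.I)


def jpeg_end_offset(data: bytes) -> int:
    """Walk the marker structure and return the offset just past FF D9 (EOI).

    A naive data.find(b"\\xff\\xd9") is not enough: APPn segments (an EXIF
    thumbnail, for example) may legitimately contain their own EOI bytes.
    """
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos, n = 2, len(data)
    while pos + 2 <= n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte, allowed before any marker
            pos += 1
            continue
        pos += 2
        if marker == 0xD9:          # EOI: everything after this is a trailer
            return pos
        if marker in _STANDALONE:
            continue
        if pos + 2 > n:
            raise ValueError("truncated segment header")
        pos += struct.unpack(">H", data[pos:pos + 2])[0]  # length includes itself
        if marker == 0xDA:          # SOS: entropy-coded data until the next marker
            while pos + 1 < n:
                if data[pos] != 0xFF:
                    pos += 1
                elif data[pos + 1] == 0x00 or 0xD0 <= data[pos + 1] <= 0xD7:
                    pos += 2        # stuffed FF 00 or a restart marker: still image data
                else:
                    break           # a real marker (EOI or another segment)
    raise ValueError("no EOI marker found")


def inspect_jpeg(data: bytes) -> dict:
    """Report how many bytes trail the image and what that trailer looks like."""
    end = jpeg_end_offset(data)
    trailer = data[end:]
    findings = []
    if trailer.startswith(b"MZ"):
        findings.append("trailer starts with an MZ (PE executable) header")
    if _SCRIPT_HINTS.search(trailer):
        findings.append("PowerShell keywords in trailer")
    if trailer:
        text_like = sum(32 <= b < 127 or b in (9, 10, 13) for b in trailer) / len(trailer)
        if text_like > 0.9:
            findings.append("trailer is mostly printable text (script-like)")
    return {"image_bytes": end, "trailer_bytes": len(trailer), "findings": findings}


def build_sample_jpeg(trailer: bytes = b"") -> bytes:
    """Constructed, structurally valid (not decodable) JPEG for testing."""
    def seg(marker: int, payload: bytes) -> bytes:
        return b"\xff" + bytes([marker]) + struct.pack(">H", len(payload) + 2) + payload

    body = b"\xff\xd8"                                           # SOI
    body += seg(0xE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")
    # APP1 whose payload contains FF D9, as an EXIF thumbnail would: this is
    # exactly what defeats a naive "find the first FF D9" check.
    body += seg(0xE1, b"Exif\x00\x00\xff\xd8\xff\xd9")
    body += seg(0xDA, b"\x01\x01\x00\x00\x3f\x00")               # SOS header
    body += b"\x12\xff\x00\x34\xff\xd0\x56"                      # scan data: stuffed FF, RST0
    body += b"\xff\xd9"                                          # EOI
    return body + trailer


if __name__ == "__main__":
    for label, tail in [("clean", b""),
                        ("script", b"powershell -NoProfile -EncodedCommand AAAA"),
                        ("pe", b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00")]:
        print(label, inspect_jpeg(build_sample_jpeg(tail)))
```

Trailing bytes alone are not proof of anything: some cameras and editors append small blobs after EOI, so treat trailer size and trailer content together, and tune the keyword list to what your environment actually sees. This check also does not cover pixel-level (LSB) steganography, where no bytes sit outside the image structure at all.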