New FileFix Method Emerges as a Threat Following 517% Rise in ClickFix Attacks
Briefly

According to ESET, clicking a fake CAPTCHA verification in ClickFix attacks surged 517% between late 2024 and early 2025, exposing users to various threats, including ransomware and infostealers. This deceptive tactic often employs bogus error messages, tricking victims into executing malicious scripts on their devices. Concentrated primarily in regions like Japan and Slovakia, ClickFix’s effectiveness has resulted in attackers sharing tools to create weaponized landing pages. Alternatively, the FileFix technique has emerged, manipulating Windows File Explorer to achieve similar malicious outcomes through phishing tactics.
"The list of threats that ClickFix attacks lead to is growing by the day, including infostealers, ransomware, remote access trojans, cryptominers, and even custom malware from nation-state-aligned threat actors," Jiří Kropáč, Director of Threat Prevention Labs at ESET, said.
"ClickFix has become a widely popular and deceptive method that employs bogus error messages or CAPTCHA verification checks to deceive victims into copying and pasting a malicious script into either the Windows Run dialog or the Apple macOS Terminal app, and running it."
"The prevalence and effectiveness of this attack method have led to threat actors advertising builders that provide other attackers with ClickFix-weaponized landing pages, ESET added."
"The development comes as security researcher mrd0x demonstrated a proof-of-concept (PoC) alternative to ClickFix named FileFix that works by tricking users into copying and pasting a file path into Windows File Explorer."
Read at The Hacker News
[
|
]