- FileFix is a new malware deployment technique, born of ClickFix
- It works by fooling users into pasting commands into File Explorer
- The resulting compromise leads to Interlock encryptors
The dreaded ClickFix malware deployment technique has evolved, and the new variant, called 'FileFix', is being used in ransomware attacks.
ClickFix is a technique in which victims are presented with a fake problem (for example, a fake CAPTCHA or a false virus infection alert) and then offered a solution. This "fix" usually involves pasting a command into the Windows Run program, a command that was copied to the clipboard by the compromised site's JavaScript.
In most cases, the command downloads and runs a piece of malware.
Interlock Ransomware
Now FileFix is building on this foundation. Instead of pasting commands into Run, victims are asked to paste a copied string into File Explorer's address bar. Thanks to comment syntax, the string looks like a file path, but is actually a PowerShell command.
In a few attacks that researchers discovered in the wild, this command, run through File Explorer, delivers a PHP-based variant of the Interlock Remote Access Trojan (RAT).
This RAT performs a variety of commands, including collecting system and network information. It also enumerates Active Directory, checks for backups, navigates local folders and examines domain controllers. Ultimately, the RAT can deploy the Interlock ransomware.
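A defender-side check for the lure shape described above, as an added example that is not from the original article: it flags text whose leading part invokes PowerShell while a trailing `#` comment is shaped like a file path. The function names, regexes and sample strings are assumptions constructed for illustration, and the samples use harmless commands.

```python
import re

# Interpreter names that indicate the pasted text is a command, not a path.
SHELL_RE = re.compile(r"^\s*(powershell|pwsh)(\.exe)?\b", re.IGNORECASE)
# A trailing comment that imitates a path: drive letter or UNC prefix.
PATHLIKE_RE = re.compile(r"^\s*([A-Za-z]:\\|\\\\)[^\r\n]+$")


def split_trailing_comment(text):
    """Split at the first '#' that is outside quotes and starts a token."""
    quote = None
    for i, ch in enumerate(text):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or text[i - 1].isspace()):
            return text[:i], text[i + 1:]
    return text, None


def looks_like_filefix(text):
    """True when a PowerShell command hides behind a path-shaped comment."""
    command, comment = split_trailing_comment(text)
    if comment is None or not SHELL_RE.search(command):
        return False
    return bool(PATHLIKE_RE.match(comment))


# Constructed sample inputs (harmless commands, made-up paths).
SAMPLES = [
    'powershell -c "Write-Output test"      # C:\\Users\\Public\\Documents\\report.docx',
    r"C:\Users\Public\Documents\report.docx",
    'powershell -c "Write-Output \'# C:\\not\\a\\comment\'"',
    r"pwsh.exe -NoProfile -Command Get-Date  # \\fileserver\share\invoice.pdf",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(looks_like_filefix(s), "|", s)
```

The same check can be run over process command lines from endpoint telemetry or over clipboard text captured by a browser-side control; a `#` inside quotes is deliberately not treated as a comment, so the third sample is not flagged.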
Interlock first emerged at the end of September 2024, with public detection in November 2024. It drew attention for its novel FreeBSD-targeting encryptors, along with Windows variants.
Among its more notable victims are Wayne County, Michigan, Texas Tech University Health Sciences Center, Heritage Bank & McCormick-Priore, and Kettering Health.
It is known for using the standard double-extortion tactics, exfiltrating sensitive corporate files before encrypting the systems.
As of mid-2025, Interlock has claimed about 14 known attacks, about one-third of them in healthcare. This change in delivery tactics suggests that the ransomware is being actively developed and that it will continue to pose a major threat to organizations around the world.
Via BleepingComputer



