- A scientist has developed a new attack on social engineer
- Attacked, a variant of the existing clickfix problem, has been called filefix
- Windows users are in danger so be on your guard
A new version of the popular Social Engineering Tool Clickfix has been developed, potentially putting Windows users at risk.
A cyber security researcher who goes by the name Mr. DOX has developed a new version of Clickfix, a browser -based attack that is often disguised as CAPTCHAS to fool victims to press a button that then copies a command to Windows Clipboard. From there, users are encouraged to insert the command into a prompt to ‘solve’ a problem.
The new tool called Filefix allows cyber criminals to perform commands on the victim system through File Explorer address bar in Windows, ” – This new attack is a similar prerequisite, but uses Windows File Explorer to create a ‘very plausible scenario’.
Sophisticated social technique
This version of the phishing page is not based on a captcha, but rather a false review that tells users a file has been sent to those who encourage them to insert the path to File Explorer to find it.
This method may be weapons to trick users to download malicious payload. “However, there is a disadvantage of this variation that needs to be considered,” claims Mr Dox.
“Microsoft Defender Smartscreen & Google Safebrowsing will usually warn users before saving executable drugs so that more clicks may be required from the user to make it work. However, I still included this method if someone finds a good use for it or wants to use in another social engineering scenario”
The Clickfix attack has been used by criminals to bypass antivirus -Software, with new malware -variants observed targeting of macOS, Android and iOS users. Any new social engineering attack is dangerous as users will not be broad to the method – so be sure to be wary of unexpected pop -ups and close all the windows you don’t trust.
Via bleeping computer
