- FileFix is a new malware deployment technique, born out of ClickFix
- It works by tricking users into pasting commands into File Explorer
- The resulting compromise leads to Interlock encryptors
The dreaded malware deployment technique ClickFix has evolved, and the new variant, called ‘FileFix’, is being used in ransomware attacks.
ClickFix is a technique in which victims are presented with a fake problem (for example, a fake CAPTCHA or a fake virus infection alert) and are then offered a solution. That “solution” usually revolves around pasting a command into the Windows Run program, a command that was copied to the clipboard by JavaScript on the compromised website.
The command, in most cases, downloads and executes a piece of malware.
Interlock ransomware
Now, FileFix builds on that foundation. Instead of pasting the command into Run, victims are told to paste a copied string into the File Explorer address bar. Thanks to comment syntax, the string looks like a file path, but it is, in fact, a PowerShell command.
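A defender-side sketch of the pattern described above, added here as an example and not taken from the article or the researchers: it flags process-creation events where explorer.exe spawns PowerShell with a trailing comment that looks like a file path. The event fields, the sample events and the heuristic itself are assumptions constructed for illustration.

```python
import re

# Constructed process-creation events (the parent/image/command-line fields an
# EDR or Sysmon-style log records). All values are invented for this example.
PS5 = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
PS7 = r"C:\Program Files\PowerShell\7\pwsh.exe"
EXPLORER = r"C:\Windows\explorer.exe"
EVENTS = [
    {"id": 1, "parent": EXPLORER, "image": PS5,   # command + decoy path in a comment
     "cmdline": r"powershell.exe -c Write-Output placeholder      # C:\Company\HR\Policy.docx"},
    {"id": 2, "parent": EXPLORER, "image": PS5,   # no comment at all
     "cmdline": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"id": 3, "parent": r"C:\Windows\System32\cmd.exe", "image": PS7,  # not from Explorer
     "cmdline": r"pwsh.exe -c Get-Date # C:\Logs\note.txt"},
    {"id": 4, "parent": EXPLORER, "image": PS7,   # '#' is inside a quoted string
     "cmdline": r'''pwsh.exe -c "Write-Output 'ticket #C:\tmp'"'''},
]

SHELLS = {"powershell.exe", "pwsh.exe"}
# Drive-letter or UNC prefix: what makes the comment read like a file path.
PATH_LIKE = re.compile(r"^(?:[A-Za-z]:\\|\\\\)\S")

def basename(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def trailing_comment(cmdline):
    """Return the text after the first unquoted, token-initial '#', else None."""
    quote = None
    for i, ch in enumerate(cmdline):
        if quote:
            if ch == quote:
                quote = None
        elif ch in "'\"":
            quote = ch
        elif ch == "#" and (i == 0 or cmdline[i - 1].isspace()):
            return cmdline[i + 1:].strip()
    return None

def is_filefix_like(event):
    # Assumption: a command entered in the Explorer address bar runs as a
    # child of explorer.exe, so the parent process narrows the search.
    if basename(event["parent"]) != "explorer.exe":
        return False
    if basename(event["image"]) not in SHELLS:
        return False
    comment = trailing_comment(event["cmdline"])
    return comment is not None and PATH_LIKE.match(comment) is not None

def scan(events):
    return [e for e in events if is_filefix_like(e)]
```

Only event 1 is flagged; a hit is a lead for triage rather than a verdict, since the rule is a heuristic.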
In some attacks that researchers observed in the wild, executing this command through File Explorer delivers a PHP-based variant of a Remote Access Trojan (RAT).
This RAT executes several different commands, including network reconnaissance and information gathering. It also enumerates Active Directory, checks for backups, navigates local directories and examines domain controllers. Ultimately, the RAT can deploy the Interlock ransomware encryptor.
Interlock first emerged at the end of September 2024, with public detection in November 2024. It drew attention for innovatively targeting FreeBSD with its encryptors alongside the Windows variants.
Among its most notable victims are Texas Tech University Health Sciences Center, Heritage Bank, McCormick-Priore and Kettering Health.
It is known for using standard double-extortion tactics, exfiltrating the company’s confidential files before encrypting the systems.
As of mid-2025, Interlock has claimed about 14 known attacks, approximately one third of them in healthcare. This change in delivery tactics suggests that the ransomware is actively being developed and will continue to pose a major threat to organizations around the world.
Via BleepingComputer