Latest news with #WindowsFileExplorer

New FileFix attack brings ClickFix social engineering to Windows File Explorer — how to stay safe

Tom's Guide

5 days ago


Developed by cybersecurity researcher mr.d0x, the FileFix attack is a new version of the ever-popular ClickFix social engineering technique. For those unfamiliar with ClickFix, it tricks users into executing malicious commands by convincing them that they need to 'fix' something in order to complete a task on their machines. As reported by BleepingComputer, this new FileFix method uses the Windows File Explorer address bar instead. Mr.d0x not only discovered the new method but has also demonstrated that it can be used in attacks to target company employees via the same social engineering techniques that have proven highly successful with ClickFix.

ClickFix attacks, which have surged in popularity recently, are browser-based and use a variety of tactics to get victims to click on a button in their browser that will copy a command to their Windows clipboard. The victim is then told to paste the command into PowerShell or prompted to perform an additional command in order to 'fix' the issue. This is frequently seen as a reCAPTCHA or an error that needs to be corrected via the Win+R Run dialog. It has proven to be an extremely effective malware delivery technique, used to spread dangerous infostealers and launch ransomware attacks.

The FileFix update created by mr.d0x is similar to a typical ClickFix attack but pastes the command into Windows File Explorer, which many users are more comfortable using. File Explorer can also execute operating system commands, which means it has a functional upload feature; the 'trick' portion of the attack is that it no longer requires an error or an issue as a lure and may simply appear as a notification for a shared file that the user needs to locate through File Explorer. FileFix is a phishing page that includes an 'Open File Explorer' button that will launch File Explorer through the file upload functionality and copy the PowerShell command to the clipboard. The fake path is initially seen in the File Explorer address bar, which hides the malicious command and then executes it.

The ClickFix tactic that is currently being used in more and more attacks works because it is able to bypass the best antivirus software and many other security tools. The reason for this is that victims end up doing most of the heavy lifting themselves, as the hackers behind this and similar campaigns use social engineering to coerce them into taking action. The hackers behind this and similar campaigns use your preexisting knowledge and online habits to get you to do something you otherwise normally wouldn't. They might also use a sense of urgency to get you to visit one of the malicious sites used in this campaign.

If you do see a verification pop-up with instructions, close the website immediately and, whatever you do, don't interact with it or follow its instructions. Being asked to open a Terminal or Command Prompt window on your computer is a major red flag. However, not everyone is as tech-savvy, which is why you should share what you've learned with both older and younger family members, friends and colleagues to help keep them safe, too.

Urgent Microsoft Windows Cyberattack Warning: Avoid Opening These Files

NDTV

10-06-2025


Microsoft Windows users have been urgently warned about a dangerous cyberattack that can exploit a longstanding, unresolved security flaw involving Windows LNK files. As per a report in Forbes, citing cybersecurity researchers at Kaspersky and Trend Micro, the vulnerability, known as ZDI-CAN-25373, is being actively exploited by cybercriminals to mount a series of attacks this year.

A malicious LNK file can exploit a Windows feature by including an attacker-controlled network location, targeting users across different VLANs. It exploits a flaw in Windows File Explorer, which does not fully display certain parameters included in shortcut files. Despite the vulnerability existing for years, Windows has not assigned it a Common Vulnerabilities and Exposures (CVE) identifier that is typically used to acknowledge and track security threats.

In a statement issued to the outlet, Microsoft claimed that its Defender includes content scanning functionality that examines files, including the LNK ones. "We appreciate the work of ZDI in submitting this report under a coordinated vulnerability disclosure. Microsoft Defender has detections in place to detect and block this threat activity, and the Smart App Control provides an extra layer of protection by blocking malicious files from the Internet," Microsoft said in a statement. "As a security best practice, we encourage customers to exercise caution when downloading files from unknown sources as indicated in security warnings, which have been designed to recognise and warn users about potentially harmful files," it added. "While the UI experience described in the report does not meet the bar for immediate servicing under our severity classification guidelines, we will consider addressing it in a future feature release."

Despite Microsoft's assurance, the best protection against the flaw remains awareness and practising caution. Don't open LNK files from unverified sources. Ensure Microsoft Defender or the antivirus software remains updated. Pay attention to security warnings displayed by Windows.

Google's advice to users

Recently, Google has also been urging its Gmail users to move on from older sign-in methods like passwords and two-factor authentication (2FA) to better secure their accounts. The tech giant told users to upgrade accounts to passkeys as well as social sign-ins, which use authenticated platforms like "Sign in with Google". Passkeys are a login system that replaces passwords with biometric authentication via a trusted device like a smartphone. Google views passkeys as "phishing resistant", which can help users log in simply with the method they use to unlock their devices, which can include fingerprint recognition, facial scan, or the pattern lock.
