FileFix Attack Uses Fake Meta Suspensions to Spread StealC Malware

 

A new cyber threat known as the FileFix attack is gaining traction, using deceptive tactics to trick users into downloading malware. According to Acronis, which first identified the campaign, hackers are sending fake Meta account suspension notices to lure victims into installing the StealC infostealer. As reported by Bleeping Computer, the attack relies on social engineering techniques that exploit urgency and fear to convince targets to act quickly without suspicion.

The StealC malware is designed to extract sensitive information from multiple sources, including cloud-stored credentials, browser cookies, authentication tokens, messaging platforms, cryptocurrency wallets, VPNs, and gaming accounts. It can also capture desktop screenshots. Victims are directed to a fake Meta support webpage, available in multiple languages, that warns them of imminent account suspension. The page urges users to review an “incident report,” which is actually a disguised PowerShell command. Once executed, the command installs StealC on the victim’s device.

To carry out the attack, users are instructed to copy a path that appears legitimate but contains hidden malicious code and subtle formatting tricks, such as extra spaces, that make it harder to detect. Unlike traditional ClickFix attacks, which use the Windows Run dialog box, FileFix leverages the Windows File Explorer address bar to execute malicious commands. This method, attributed to a researcher known as mr.fox, makes the attack harder for casual users to recognize.
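A detection sketch for the padded-path trick described above, added here as an example and not taken from the Acronis or Bleeping Computer reports. It assumes process-creation telemetry with hypothetical `parent_image` and `command_line` fields, assumes that commands typed into the address bar are spawned by `explorer.exe`, and uses an arbitrary padding threshold.

```python
import re

# Thresholds and field names below are assumptions for this example.
MIN_PADDING = 20  # spaces needed to push the command out of the visible address bar
PADDING = re.compile(r"[ \t\u00a0]{%d,}" % MIN_PADDING)
POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)
PATH_LIKE = re.compile(r"(?:[A-Za-z]:\\|\\\\)\S")


def padded_command_findings(command_line):
    """Return the reasons a command line matches the padded-path pattern."""
    findings = []
    if POWERSHELL.search(command_line):
        findings.append("powershell")
    pad = PADDING.search(command_line)
    if pad:
        findings.append("padding")
        # The decoy path sits after the padding, where the user can see it.
        if PATH_LIKE.search(command_line[pad.end():]):
            findings.append("path-after-padding")
    return findings


def flag_events(events):
    """Flag events launched by explorer.exe that show all three signals."""
    flagged = []
    for ev in events:
        if ev["parent_image"].lower().endswith("explorer.exe"):
            if len(padded_command_findings(ev["command_line"])) == 3:
                flagged.append(ev["id"])
    return flagged


# Constructed sample events; the command body is a placeholder, not a real payload.
SAMPLE_EVENTS = [
    {"id": 1, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -c <placeholder>" + " " * 60
                     + r"C:\Users\alice\Documents\incident_report.pdf"},
    {"id": 2, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": r'notepad.exe "C:\Users\alice\Documents\notes  v2.txt"'},
    {"id": 3, "parent_image": r"C:\Windows\System32\svchost.exe",
     "command_line": "powershell.exe -NoProfile -File " + r"C:\Scripts\backup.ps1"},
    {"id": 4, "parent_image": r"C:\Windows\explorer.exe",
     "command_line": "powershell.exe -NoProfile -File " + r"C:\Scripts\backup.ps1"},
]

if __name__ == "__main__":
    print(flag_events(SAMPLE_EVENTS))
```

Only event 1 is flagged: a PowerShell launch from File Explorer is common on its own, so the rule requires the long whitespace run and the trailing path as well.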

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
