Hello!
We’ve talked about ClickFix before, actors telling you that you have a problem and to click a button to fix it. You solve a captcha, which then copies something to the clipboard they tell you to run in a command prompt or even your more familiar run dialogue box.
Now, a researcher has demonstrated a new attack that actors may end up utalizing. Instead of having you solve a captcha and having you copy something unknowingly, it’ll present you with a problem and get you to upload a file. But instead of uploading an actual file, it does the same thing where it copies a command to have you put it in the file explore address bar.
If the user tries to upload a file, the whole thing is cleared and it tells you to try again, says the article as part of the proof of concept code discussion.
Even the researcher is saying this could be coming, so watch out for things you’re not expecting. If you know your computer is fine, then don’t click on things thinking you’re fixing something when in fact you could be harming things.
The article that we need to read this time is titled New FileFix attack weaponizes Windows File Explorer for stealthy commands.
Read. Learn. You probably don’t want this.
Discover more from The Technology blog and podcast
Subscribe to get the latest posts sent to your email.