Just when we were starting to understand how the ClickFix scam worked, a new method has entered the scene and it might be even trickier. Meet FileFix: a fresh twist on an old social engineering trick, and a reminder that attackers don’t always need advanced malware to cause serious damage. Sometimes, all it takes is getting someone to copy and paste.
So, What’s FileFix?
FileFix is a technique recently shared by security researcher mrd0x, and it’s all about abusing something most of us use every day—Windows File Explorer.
Here’s how it works:
- A phishing page tells you a document has been shared with you.
- You're instructed to copy a file path and paste it into File Explorer using CTRL + L.
- But that "file path" isn’t what it seems. It's a PowerShell command, disguised to look harmless.
- As soon as you paste it, boom...the code runs, and the attacker gets what they want.
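The trick lies in how the command is disguised. The file path you see is just a decoy, and the dangerous part is tucked away with spaces and a pound sign so you don’t notice it. PowerShell treats everything after the pound sign as a comment, so the decoy path is never actually opened.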
The Original Scam: ClickFix
If FileFix sounds sneaky, that’s because it builds on the success of an earlier trick called ClickFix, which has been spreading fast: 517 percent growth in less than a year, according to ESET.
ClickFix relies on fake CAPTCHAs or error messages to convince people to copy a script into their system’s Run box on Windows or Terminal on macOS. Once they do, attackers can drop all kinds of malware: ransomware, info stealers, remote access tools, and more.
It’s especially common in countries like Japan, Spain, Poland, and Peru, and cybercriminals are even selling DIY ClickFix kits to help others set up their own attacks.

Other Phishing Tricks on the Rise
These tactics are part of a bigger wave of phishing scams popping up in different forms. Some quick examples:
- Fake government emails, such as toll violation notices, using legit-looking .gov domains.
- Aged domains that look clean but have been waiting to be used for attacks.
- Malicious shortcuts in ZIP files launching remote access tools.
- “Your mailbox is full” alerts that link to phishing pages or malware downloads.
- PDFs with hidden links that eventually drop info-stealing software.
- Trusted platforms like Vercel being misused to host fake downloads.
- Smishing (SMS phishing) posing as DMVs to steal payment info.
- Microsoft SharePoint links that trick users into giving up their credentials.
The common thread? These scams rely more on tricking people than on breaking through defenses.
What You Can Do
Here’s the good news: these attacks often need user interaction to work, so awareness is your best defense. A few simple tips:
- Don’t copy and paste anything from a site you don’t trust, especially into system apps.
- Be suspicious of anything asking you to open File Explorer or Terminal for no clear reason.
- Watch for urgency or fear tactics like claims you owe money or your account is in danger.
- Hover over links before clicking, and avoid opening attachments from unknown senders.
And if you're in charge of security at your organization, it’s worth locking down PowerShell and monitoring for unusual activity, especially anything that looks like someone pasting code into the system.
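One way to implement the monitoring suggested above, as an added example that is not part of the original article: a Python heuristic that flags PowerShell command lines ending in a padded `#` comment that looks like a file path. The event fields, host names, sample command lines and the `MIN_PAD` threshold are constructed assumptions.

```python
import re

# Shape described above: a PowerShell invocation, then padding spaces, then '#'
# (which starts a PowerShell comment) followed by a decoy Windows path.
POWERSHELL = re.compile(r"\b(?:powershell|pwsh)(?:\.exe)?\b", re.IGNORECASE)
DECOY = re.compile(r"(?P<pad>\s+)#\s*(?P<path>(?:[A-Za-z]:\\|\\\\)[^\r\n]*)$")
MIN_PAD = 8  # assumption: padding length that raises severity; tune locally


def inspect_command_line(cmdline):
    """Return a finding dict if cmdline has the FileFix shape, else None."""
    if not POWERSHELL.search(cmdline):
        return None
    m = DECOY.search(cmdline.rstrip())
    if not m:
        return None
    pad = len(m.group("pad"))
    return {
        "executed": cmdline[: m.start()].strip(),  # the part that actually runs
        "decoy_path": m.group("path").strip(),     # what the user thinks they pasted
        "padding": pad,
        "severity": "high" if pad >= MIN_PAD else "medium",
    }


def scan(events):
    """Run the check over process-creation events; keep the host for triage."""
    findings = []
    for ev in events:
        hit = inspect_command_line(ev["command_line"])
        if hit:
            findings.append({"host": ev["host"], **hit})
    return findings


# Constructed sample events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"host": "ws-01", "command_line": "powershell.exe -NoProfile -Command Write-Output test"
        + " " * 40 + r"# C:\Shared\HR\Policy.docx"},
    {"host": "ws-02", "command_line": r"powershell.exe -File C:\Scripts\backup.ps1"},
    {"host": "ws-03", "command_line": r"pwsh -c Get-Date # C:\tmp\a.txt"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f"{f['severity']:6} {f['host']} decoy={f['decoy_path']!r} runs={f['executed']!r}")
```

A legitimate script can also end in a trailing comment that contains a path, so treat a "medium" hit as a lead to review rather than a verdict.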
How Skyriver IT Can Help
FileFix is clever, low-effort for attackers, and high-impact for victims. It builds on ClickFix’s success but takes a more subtle route. Both show that social engineering remains one of the most powerful tools in a hacker’s toolbox. So stay sharp, and remember: sometimes the most dangerous threats start with something as simple as CTRL + V.
At Skyriver IT, we stay ahead of threats like ClickFix and FileFix so you don’t have to. Our team helps businesses:
- Monitor unusual activity across endpoints and networks
- Educate staff with real-world cybersecurity awareness training
- Implement smart email filters and phishing detection tools
- And respond quickly if something does get through
Cyberattacks don’t always start with code; they often start with a simple mistake. We help make sure your team, systems, and data are protected before that mistake happens.
Want to see where your organization stands? Reach out to Skyriver IT today! We’re here to help you stay secure, informed, and one step ahead.