Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

FileFix global phishing campaign

Campaign
First reported
Last updated
Happening score
H score 36
1 unique sources, 1 articles

Summary

Hide ▲

The FileFix phishing campaign has expanded into a global credential-theft operation, reaching users across multiple countries and languages. It uses malicious PowerShell, steganography, and a fake Facebook security appeal flow to trick victims into executing code. The lure was translated into at least 16 languages, suggesting broad international targeting. The payload chain ultimately delivers StealC, raising the risk of password and wallet theft.

Related Happenings

AccountDumpling Google AppSheet Facebook phishing campaign

Campaign
First: 01.05.2026 21:09 Last: 01.05.2026 21:09 Sources 1

About this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...

Open Happening

Compromised legitimate WordPress websites used to infect visitors with infostealer malware campaign expands across multiple victims

Campaign
First: 11.03.2026 16:45 Last: 11.03.2026 16:45 Sources 1

About this happening: A **global ClickFix campaign** is abusing compromised **WordPress** sites to push **infostealer malware** to visitors, putting credentials and financial data at risk. The operatio...

Open Happening

CRESCENTHARVEST Windows RAT and info-stealer activity

Malware Activity
First: 19.02.2026 10:13 Last: 19.02.2026 10:13 Sources 1

About this happening: The **CRESCENTHARVEST** malware activity centers on **version.dll**, a **Windows RAT and information stealer** that can execute commands, log keystrokes, and exfiltrate data. It m...

Open Happening

Storm-0249 tax-themed phishing campaign targeting U.S. users

Campaign
First: 09.12.2025 15:37 Last: 09.12.2025 15:37 Sources 1

About this happening: **Storm-0249** ran a **tax-themed phishing campaign** against **U.S. users** ahead of the **tax filing season**, expanding access opportunities for downstream abuse. The operation...

Open Happening

JackFix ClickFix fake-adult-site phishing campaign

Campaign
First: 25.11.2025 16:18 Last: 25.11.2025 16:18 Sources 1

About this happening: The **JackFix** campaign is using **fake adult websites** and **ClickFix** lures to trick users into running malicious commands, enabling an infection chain that can drop **steale...

Open Happening

Timeline

  1. 16.09.2025 15:00 2 articles · 8mo ago

    FileFix phishing campaign disclosed with global reach and StealC payload

    Initial Disclosure

    Acronis researchers observed a mature FileFix phishing operation that impersonates Facebook security, uses malicious PowerShell, code obfuscation, and steganography, and delivers a hidden StealC infostealer payload to steal passwords and other sensitive data. VirusTotal uploads indicate broad reach across countries including the US, the Philippines, Bangladesh, Tunisia, the Dominican Republic, Germany, China, Peru, Nepal, and Serbia, and the lure was localized into at least 16 languages.

    Show sources
    Open in new tab