FileFix Attack Evolves with Cache Smuggling Technique
Summary
A new variant of the FileFix social engineering attack uses cache smuggling to evade security software. This technique involves hiding a malicious ZIP archive within a browser's cache to bypass detection. The attack impersonates a Fortinet VPN Compliance Checker and tricks users into executing a PowerShell script through the Windows File Explorer address bar. The script extracts the malicious payload from the cache and executes it. This new variant was first observed by cybersecurity researcher P4nd3m1cb0y and detailed by Marcus Hutchins of Expel. The attack has been adopted by various threat actors, including ransomware groups. Additionally, a new ClickFix kit called the IUAM ClickFix Generator has been discovered, which automates the creation of ClickFix-style lures.
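The behaviour summarised above, a PowerShell script reading a ZIP archive out of the browser cache, leaves a process-creation trace that can be hunted for. The following triage sketch is an added example, not code from the cited article or the researchers; the event field names, the default cache paths for Chrome, Edge and Firefox, the archive indicators and the sample events are all assumptions constructed for illustration.

```python
import re

# Assumption: default Windows cache locations (the page names no browser).
CACHE_DIR = re.compile(
    r"\\(?:Google\\Chrome|Microsoft\\Edge)\\User Data\\[^\\]+\\Cache\b"
    r"|\\Mozilla\\Firefox\\Profiles\\[^\\]+\\cache2\b",
    re.IGNORECASE,
)
POWERSHELL = re.compile(r"(?:^|\\)(?:powershell|pwsh)\.exe$", re.IGNORECASE)
# Assumption: strings suggesting archive handling in the same command line.
ARCHIVE = re.compile(r"\.zip\b|Expand-Archive|ZipFile", re.IGNORECASE)

def triage(events):
    """Return (host, severity) for PowerShell launches that touch a browser cache.

    'medium': PowerShell references a browser cache directory.
    'high'  : it also references archive handling, matching the ZIP-in-cache pattern.
    """
    hits = []
    for ev in events:
        if not POWERSHELL.search(ev["image"]):
            continue  # the browser touching its own cache is normal
        cmd = ev["command_line"]
        if not CACHE_DIR.search(cmd):
            continue
        hits.append((ev["host"], "high" if ARCHIVE.search(cmd) else "medium"))
    return hits

PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
# Constructed process-creation events; script bodies are elided placeholders.
SAMPLE_EVENTS = [
    {"host": "ws-01", "image": PS, "command_line":
     r'powershell.exe -c "<elided script reading $env:LOCALAPPDATA\Google\Chrome'
     r'\User Data\Default\Cache\Cache_Data and unpacking <name>.zip>"'},
    {"host": "ws-02", "image": PS, "command_line":
     r'powershell.exe Get-ChildItem "C:\Users\a\AppData\Local\Microsoft\Edge'
     r'\User Data\Default\Cache"'},
    {"host": "ws-03", "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "command_line": r'chrome.exe --disk-cache-dir="C:\Users\a\AppData\Local\Google'
                     r'\Chrome\User Data\Default\Cache"'},
    {"host": "ws-04", "image": PS, "command_line": "powershell.exe Get-Process"},
]

if __name__ == "__main__":
    for host, severity in triage(SAMPLE_EVENTS):
        print(host, severity)
```

The medium tier will also catch legitimate administrative scripts that inspect or clear cache folders, so it is a starting point for review rather than a verdict.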
Timeline
- 08.10.2025 22:49 · 1 article
  New FileFix variant uses cache smuggling to evade security software
  A new variant of the FileFix social engineering attack uses cache smuggling to hide a malicious ZIP archive within a browser's cache. The attack impersonates a Fortinet VPN Compliance Checker and tricks users into executing a PowerShell script through the Windows File Explorer address bar. The script extracts the malicious payload from the cache and executes it. This technique has been adopted by various threat actors, including ransomware groups.
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
Information Snippets
- FileFix attacks use the Windows File Explorer address bar to execute PowerShell scripts stealthily.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The new FileFix variant uses cache smuggling to hide a malicious ZIP archive within a browser's cache.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The attack impersonates a Fortinet VPN Compliance Checker and tricks users into executing a PowerShell script.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The PowerShell script extracts the malicious payload from the cache and executes it.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The new variant was first observed by researcher P4nd3m1cb0y and detailed by Marcus Hutchins of Expel.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The attack has been adopted by various threat actors, including ransomware groups.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- A new ClickFix kit called the IUAM ClickFix Generator automates the creation of ClickFix-style lures.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The ClickFix Generator supports OS detection and tailors commands for Windows or macOS.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The lures involve fake Cloudflare CAPTCHAs and prompt users to run hidden commands.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49
- The social engineering attacks have been used to infect devices with DeerStealer, Odyssey, and other malware.
  First reported: 08.10.2025 22:49 · 1 source, 1 article
  - New FileFix attack uses cache smuggling to evade security software — www.bleepingcomputer.com — 08.10.2025 22:49