New FileFix Phishing Attack Spreads Globally, Tricking Users Through File Explorer

Beware of the new "FileFix" phishing scam impersonating Facebook security, tricking users into executing malware via File Explorer.

By Content Team

Sep 17, 2025

ON THIS PAGE

Share

---

ON THIS PAGE

Want more insights like this?

Subscribe to our newsletter to get the latest software protection strategies delivered to your inbox.

By submitting your email, you consent to Codekeeper contacting you and agree to our privacy policy.

A sophisticated new phishing campaign using the "FileFix" technique has spread across 16 countries, from the US to Serbia. The attack impersonates Facebook security warnings, claiming accounts will be suspended unless users take action.

When victims click to "appeal," they're tricked into pasting malicious PowerShell code into Windows File Explorer's address bar under the guise of opening a PDF file. This executes hidden malware that downloads AI-generated images containing steganographically hidden code, ultimately deploying StealC infostealer to harvest passwords and sensitive data.

FileFix builds on the earlier "ClickFix" technique but uses the more familiar File Explorer instead of the Run dialog, making it harder for organizations to block and more likely to fool users unfamiliar with command execution.

Source: Dark Reading

Share this article

Have questions about protecting your software?

Our escrow experts are standing by to help.

Book a free demo

YOU MAY ALSO LIKE

Nearly 1 Million User Records Compromised in Figure Data Breach

Feb 19, 2026

Hackers Exploit Critical Quest KACE Flaw to Take Over Management Systems

Mar 21, 2026

Russian Hackers Exploit Microsoft Office Zero-Day in Eastern Europe Attacks

Feb 3, 2026

TriZetto Provider Solutions Breach Hits 3.4 Million Patients

Mar 11, 2026