A new variant of the FileFix social engineering attack uses cache smuggling to secretly download a malicious ZIP archive onto a victim’s system and bypass security software.
The new phishing and social engineering attack impersonates a "Fortinet VPN Compliance Checker" and was first spotted by cybersecurity researcher P4nd3m1cb0y, who shared information about it on X.
In a new report by cybersecurity firm Expel, cybersecurity researcher Marcus Hutchins shares more details on how this attack works.
For those not familiar with FileFix attacks, they are a variant of the ClickFix social engineering attack developed by Mr.d0x. Instead of tricking users into pasting malicious commands into operating system dialogs, FileFix uses the Windows File Explorer address bar to execute PowerShell scripts stealthily.
FileFix attack evolves with cache smuggling
In the new phishing attack, a website displays a dialog that poses as a Fortinet VPN "Compliance Checker," directing users to paste what looks like a legitimate network path to a Fortinet program on a network share.