Threat Actors Merging FileFix and Cache Smuggling Attacks to Evade Security Controls

Source: Cyber Security News

A new phishing campaign combines FileFix social engineering tactics with cache smuggling to deliver malware undetected. The attack uses a fake FortiClient Compliance Checker page to manipulate victims into executing harmful commands via the Windows Explorer address bar. By exploiting the address bar's 2048-character limit, attackers can hide far larger payloads than in typical ClickFix attacks, which are limited to 260 characters. Once the clipboard content is pasted, the malicious commands execute without raising alarm, because they are concealed behind innocuous display text.

The approach further uses cache smuggling to pre-load payloads on victim devices. Rather than relying on standard downloads, which security tools monitor, attackers store malicious files disguised as legitimate image formats in the browser cache. This stealthy method lets the embedded PowerShell script extract the payload immediately, without further external network traffic. Researchers have also demonstrated a refinement of this strategy that uses Exif metadata to embed harmful payloads in valid images, evading typical content-inspection methods. By manipulating ASCII string fields within the Exif structure, attackers can hide malicious code in photographs that appear normal, presenting formidable challenges for security systems and users alike.
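As an added illustration from the defender's side (not code from the article or the researchers), the following Python triage helper applies the checks the paragraph implies to a file recovered from a browser cache: it parses a JPEG, inspects ASCII-typed Exif fields for script-like text, reports bytes appended after the end-of-image marker, and rejects files that only claim to be an image. The keyword list in SUSPICIOUS and the constructed sample fixture are assumptions.

```python
import re
import struct

# Keyword heuristic for script launchers (assumption; tune for your environment).
SUSPICIOUS = re.compile(rb"powershell|iex\b|invoke-expression|frombase64string|mshta", re.I)


def exif_ascii_fields(tiff):
    """Yield (tag, bytes) for ASCII-typed (type 2) entries in IFD0 of a TIFF/Exif blob."""
    if len(tiff) < 8 or tiff[:2] not in (b"II", b"MM"):
        return
    e = "<" if tiff[:2] == b"II" else ">"
    ifd = struct.unpack(e + "I", tiff[4:8])[0]
    count = struct.unpack(e + "H", tiff[ifd:ifd + 2])[0]
    for i in range(count):
        off = ifd + 2 + 12 * i
        tag, typ, n, val = struct.unpack(e + "HHII", tiff[off:off + 12])
        if typ == 2:  # ASCII; values longer than 4 bytes live at offset `val`
            data = tiff[off + 8:off + 8 + n] if n <= 4 else tiff[val:val + n]
            yield tag, data.rstrip(b"\x00")


def scan_jpeg(blob):
    """Return a list of findings for one JPEG byte string; empty list means clean."""
    if not blob.startswith(b"\xff\xd8"):
        return ["not a JPEG: file only claims an image type"]
    findings, pos = [], 2
    while pos + 4 <= len(blob) and blob[pos] == 0xFF:
        marker = blob[pos + 1]
        if marker == 0xDA:  # SOS: entropy-coded data follows, stop walking segments
            break
        seglen = struct.unpack(">H", blob[pos + 2:pos + 4])[0]
        payload = blob[pos + 4:pos + 2 + seglen]
        if marker == 0xE1 and payload.startswith(b"Exif\x00\x00"):
            for tag, text in exif_ascii_fields(payload[6:]):
                if SUSPICIOUS.search(text):
                    findings.append(f"script-like text in Exif tag 0x{tag:04X}: {text[:40]!r}")
        pos += 2 + seglen
    eoi = blob.rfind(b"\xff\xd9")
    if eoi != -1 and len(blob) > eoi + 2:
        findings.append(f"{len(blob) - eoi - 2} bytes appended after the EOI marker")
    return findings


def build_sample_jpeg(description, trailer=b""):
    """Constructed fixture: minimal JPEG with one Exif ImageDescription (tag 0x010E)."""
    desc = description.encode() + b"\x00"
    tiff = b"II*\x00" + struct.pack("<IH", 8, 1)  # little-endian header, one IFD0 entry
    tiff += struct.pack("<HHII", 0x010E, 2, len(desc), 26) + struct.pack("<I", 0) + desc
    app1 = b"Exif\x00\x00" + tiff
    return (b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1
            + b"\xff\xda\x00\x02\x12\x34\xff\xd9" + trailer)
```

Run `scan_jpeg(open(path, "rb").read())` over files pulled from a browser cache directory; an empty list means neither heuristic fired.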

👉 Read the original: Cyber Security News