FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography
Sept. 16, 2025, 2:42 p.m.
Description
A FileFix attack campaign has been discovered in the wild, the first observed use of the technique beyond proof-of-concept demonstrations. The operators run a multistage phishing infrastructure, including a multilingual site impersonating Facebook security, and hide malicious code inside image files using steganography. Payload delivery is staged, with layered obfuscation and evasion at each stage, and ends with the deployment of the StealC infostealer, which harvests credentials and data from a range of applications. The campaign evolved rapidly over roughly two weeks, and the potential victims span multiple countries, pointing to global rather than regional targeting. It marks a significant step up in the sophistication of *Fix-style attacks, pairing FileFix with established tradecraft to maximize both evasion and impact.
Date
- Created: Sept. 16, 2025, 2:29 p.m.
- Published: Sept. 16, 2025, 2:29 p.m.
- Modified: Sept. 16, 2025, 2:42 p.m.
Indicators
- SHA-256 file hashes
  - fd30a2c90384bdb266971a81f97d80a2c42b4cec5762854224e1bc5c006d007a
  - b3ce10cc997cd60a48a01677a152e21d4aa36ab5b2fd3718c04edef62662cea1
  - 70ae293eb1c023d40a8a48d6109a1bf792e1877a72433bcc89613461cffc7b61
  - 7022f91f0534d980a4d77df20bea1ae53ee02f7c490efbfae605961f5170a580
  - 2654d6f8d6c93c7af7b7b31a89ebf58348a349aa943332ebb39ce552dde81fc8
  - 1d9543f7c0039f6f44c714fe8d8fd0a3f6d52fcae2a70b4bc442f38e01e14072
  - 1801da172fae83cee2cc7c02f63e52d71f892d78e547a13718f146d5365f047c
  - 08fd6813f58da707282915139db973b2dbe79c11df22ad25c99ec5c8406b234a
  - 06471e1f500612f44c828e5d3453e7846f70c2d83b24c08ac9193e791f1a8130
- IPv4 address
  - 77.90.153.225
- Domains
  - facebook.windows-software-updates.com
  - facebook.windows-software-updates.cc
  - facebook.windows-software-downloads.com
  - facebook.meta-software-worldwide.com
  - thanjainatural.com
  - mastercompu.com
  - elprogresofood.com
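The indicators above are only useful once they are run against telemetry, so here is an added example (not code from the entry's source or from any vendor) that matches them against DNS, proxy and EDR records. It assumes a simple key=value log format and a naive registrable-domain heuristic (last two labels, no public-suffix list); both are assumptions for illustration. Beyond exact matches, it also flags the structural pattern the phishing domains share, a brand name as the leftmost label on an unrelated registrable domain, so it catches sibling domains that are not yet on the list. The sample log lines are constructed; only the indicator values are taken from the entry.

```python
from __future__ import annotations

import re
from typing import Iterable

# Indicators copied from the entry above (SHA-256 hashes, one IPv4 address, domains).
IOC_SHA256 = {
    "fd30a2c90384bdb266971a81f97d80a2c42b4cec5762854224e1bc5c006d007a",
    "b3ce10cc997cd60a48a01677a152e21d4aa36ab5b2fd3718c04edef62662cea1",
    "70ae293eb1c023d40a8a48d6109a1bf792e1877a72433bcc89613461cffc7b61",
    "7022f91f0534d980a4d77df20bea1ae53ee02f7c490efbfae605961f5170a580",
    "2654d6f8d6c93c7af7b7b31a89ebf58348a349aa943332ebb39ce552dde81fc8",
    "1d9543f7c0039f6f44c714fe8d8fd0a3f6d52fcae2a70b4bc442f38e01e14072",
    "1801da172fae83cee2cc7c02f63e52d71f892d78e547a13718f146d5365f047c",
    "08fd6813f58da707282915139db973b2dbe79c11df22ad25c99ec5c8406b234a",
    "06471e1f500612f44c828e5d3453e7846f70c2d83b24c08ac9193e791f1a8130",
}
IOC_IPS = {"77.90.153.225"}
IOC_DOMAINS = {
    "facebook.windows-software-updates.com",
    "facebook.windows-software-updates.cc",
    "facebook.windows-software-downloads.com",
    "facebook.meta-software-worldwide.com",
    "thanjainatural.com",
    "mastercompu.com",
    "elprogresofood.com",
}

# Assumption for the lookalike heuristic: the brand's real domains. Treating the last
# two labels as the registrable domain is a simplification (no public-suffix list), so
# hosts under multi-label suffixes such as co.uk would need a real PSL lookup.
LEGIT_BRAND_DOMAINS = {"facebook.com", "meta.com", "fb.com"}
BRAND_LABELS = {"facebook", "meta"}

KV = re.compile(r"(\w+)=(\S+)")


def looks_like_brand_lookalike(host: str) -> bool:
    """True when a brand name is the leftmost label of a host whose registrable
    domain is not the brand's own, the pattern shared by the phishing domains above."""
    labels = host.lower().rstrip(".").split(".")
    if len(labels) < 3 or labels[0] not in BRAND_LABELS:
        return False
    return ".".join(labels[-2:]) not in LEGIT_BRAND_DOMAINS


def parse_kv(line: str) -> dict[str, str]:
    """Parse a key=value log line (the constructed format used below)."""
    return {k: v for k, v in KV.findall(line)}


def match_line(line: str) -> list[str]:
    """Return the indicator hits for one log line, exact matches before heuristics."""
    f = parse_kv(line)
    hits: list[str] = []
    host = f.get("host", "").lower().rstrip(".")
    if host in IOC_DOMAINS:
        hits.append(f"domain:{host}")
    elif host and looks_like_brand_lookalike(host):
        hits.append(f"lookalike:{host}")
    if f.get("dst") in IOC_IPS:
        hits.append(f"ip:{f['dst']}")
    sha = f.get("sha256", "").lower()  # normalise case before the set lookup
    if sha in IOC_SHA256:
        hits.append(f"sha256:{sha}")
    return hits


def scan(lines: Iterable[str]) -> dict[int, list[str]]:
    """Map 1-based line numbers to their hits, skipping lines with none."""
    return {n: h for n, line in enumerate(lines, 1) if (h := match_line(line))}


# Constructed sample telemetry, not real logs; only the indicator values are from the entry.
SAMPLE_LOGS = [
    "2025-09-16T10:01:02Z type=dns src=10.0.0.5 host=facebook.windows-software-updates.com",
    "2025-09-16T10:01:03Z type=proxy src=10.0.0.5 host=cdn.example.net dst=203.0.113.7",
    "2025-09-16T10:01:05Z type=proxy src=10.0.0.5 host=thanjainatural.com dst=77.90.153.225",
    "2025-09-16T10:02:10Z type=edr src=10.0.0.5 sha256=08FD6813F58DA707282915139DB973B2DBE79C11DF22AD25C99EC5C8406B234A",
    "2025-09-16T10:03:00Z type=dns src=10.0.0.9 host=facebook.account-verify-center.example",
    "2025-09-16T10:03:30Z type=dns src=10.0.0.9 host=www.facebook.com",
]

if __name__ == "__main__":
    for n, hits in scan(SAMPLE_LOGS).items():
        print(f"line {n}: {', '.join(hits)}")
```

The lookalike check is deliberately reported separately from exact indicator matches: an exact hash, IP or domain hit is grounds for an incident, while a lookalike hit is a lead that still needs a look at the host before anyone is paged.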
Additional Information (countries with potential victims)
- Tunisia
- Dominican Republic
- Serbia
- Nepal
- Bangladesh
- China
- Peru
- Germany
- Philippines
- United States of America