FileFix in the wild! New FileFix campaign goes beyond POC and leverages steganography

A sophisticated FileFix attack campaign has been discovered, marking the first use of this technique beyond proof-of-concept. The attack employs a complex phishing infrastructure, including a multilingual site mimicking Facebook security. It uses steganography to conceal malicious code in images, with a multistage payload delivery system featuring layered obfuscation and evasion techniques. The final payload deploys a StealC infostealer targeting various applications and credentials. The campaign has evolved rapidly over two weeks, indicating a global targeting strategy with potential victims in multiple countries. This attack represents a significant advancement in *Fix attack sophistication, combining FileFix with advanced tradecraft to maximize both evasion and impact.

Author: AlienVault

Related Tags:
Tunisia
multistage payload
filefix
Serbia
Dominican Republic
T1102.002
T1001.003
T1557.001
T1588.001

Associated Indicators: