Cybersecurity experts have uncovered a new campaign using FileFix social engineering techniques combined with sophisticated obfuscation to deliver the StealC info stealer malware. The attack leverages convincing phishing sites and abused trusted code hosting platforms to evade detection and infect victims' systems. #StealC #FileFix #Doppel
Keypoints
- The campaign uses multilingual phishing sites mimicking legitimate platforms like Facebook.
- FileFix tricks users into executing malicious commands via the browser's file upload feature.
- The attack chain involves downloading images that contain payloads from trusted code hosting services.
- FileFix avoids system security blocks by executing payloads through the web browser instead of system dialogs.
- Variants include social engineering with clipboard hijacking, fake support portals, and remote script execution.
Read More: https://thehackernews.com/2025/09/new-filefix-variant-delivers-stealc.html