FileFix: The New Social Engineering Attack Building on ClickFix Tested in the Wild
Check Point, Wednesday, July 16th, 2025
Check Point Research identifies how the new social engineering technique, FileFix, is being actively tested by threat actors in the wild.
Attackers have long exploited human trust as a primary attack surface, and they're doing it again with a new technique called FileFix.
FileFix is a recently uncovered social engineering attack that builds on the widely abused ClickFix tactic. Unlike ClickFix, which tricks users into running malicious commands via the Windows Run dialog, FileFix takes a subtler approach: it opens a legitimate Windows File Explorer window from a webpage and silently loads a disguised PowerShell command into the user's clipboard. When the victim pastes into the Explorer address bar, the malicious command executes. This attack relies not on software vulnerabilities but on exploiting routine user actions and trust.