FileFix Malware Trick Opens the Door for Smarter Cyber Attacks Through Fake CAPTCHAs

A Dangerous Upgrade in Hacking Tools

The Interlock ransomware gang has changed the way it attacks people online. The group has started using a new tool that is even more powerful than before. Earlier, they used a Remote Access Trojan (or RAT) built with JavaScript and Node.js. Now they are using a version built in PHP, a programming language used for websites. This change means the malware can now target more computers and work in newer, smarter ways.

This new version was first spotted in June 2025, and it is linked to a criminal group called KongTuke, also known as LandUpdate808. These groups have been very active in recent months. They are using this PHP-based RAT to take control of people’s systems quietly.

The malware is very smart. Once it is inside a computer, it starts checking everything about the machine. It gathers details about the user, the programs running, and the network the computer is connected to. This information is packed neatly in a format called JSON and then sent back to the hackers. After this, the malware can download and run more dangerous files. These files can cause even more problems.

The RAT can also allow hackers to move around the system by hand. This means real people are exploring the system, not just software. They look at important files, accounts, and even servers inside companies. It’s like a thief walking freely inside your house and opening every cupboard.

The FileFix Malware Trick: How They Fool You

To spread this malware, Interlock has started using a sneaky new trick called FileFix. This is a newer version of an older trick they used, known as ClickFix.

Hackers first break into real websites without the site owner knowing. Then, they add hidden code to the site. When someone visits the infected website, they see a fake CAPTCHA. This is the kind of test you see online that asks, “Are you human?” But this one is fake.

The victim is told to copy a command and run it on their computer to pass the test. This command is actually very dangerous. It runs a script in PowerShell, a tool used in Windows to control the system. Once the script runs, it secretly installs the PHP-based RAT, giving the hackers full control over the system.

This trick is dangerous because it looks very normal. Many people would think the CAPTCHA is real and do what it says. But doing this gives hackers a way into the computer.

Hard to Catch and Tough to Stop

One of the worst parts about this new malware is how hard it is to catch. The RAT is built to hide very well and keep working, even when people try to stop it.

The malware connects to the hackers using something called a Cloudflare Tunnel. This service hides the real location of the server the malware talks to. It uses the domain trycloudflare.com, which looks safe and normal. Because of this, security tools often miss it.


But even if this tunnel stops working, the malware is ready. It has backup IP addresses built in. This means it can still talk to the hackers even if the main path is blocked.
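For defenders, the behaviour described above suggests two signals that can be checked together. The following is an added example, not code from the article or from any vendor: it runs over constructed telemetry, and the process names (`php.exe`, `powershell.exe`), the browser allow-list and the event fields are assumptions. Because the malware carries backup IP addresses, the process-lineage signal is kept even when no tunnel lookup is seen.

```python
# Constructed sample telemetry (not from the article): process-creation and
# DNS-query events as an EDR or Sysmon pipeline might export them.
EVENTS = [
    {"host": "ws-014", "type": "process", "image": "powershell.exe", "parent": "explorer.exe"},
    {"host": "ws-014", "type": "process", "image": "php.exe", "parent": "powershell.exe"},
    {"host": "ws-014", "type": "dns", "image": "php.exe", "query": "example-words-here.trycloudflare.com"},
    {"host": "ws-022", "type": "dns", "image": "chrome.exe", "query": "demo-preview.trycloudflare.com"},
    {"host": "ws-031", "type": "dns", "image": "php.exe", "query": "trycloudflare.com.cdn.example.net"},
    {"host": "ws-040", "type": "process", "image": "php.exe", "parent": "powershell.exe"},
]

TUNNEL_SUFFIX = "trycloudflare.com"
BROWSERS = {"chrome.exe", "msedge.exe", "firefox.exe"}  # assumed allow-list
INTERPRETERS = {"php.exe"}                              # assumed binary name
SHELLS = {"powershell.exe", "pwsh.exe"}


def is_tunnel_host(name):
    """True only for trycloudflare.com itself or a real subdomain of it."""
    name = name.lower().rstrip(".")
    return name == TUNNEL_SUFFIX or name.endswith("." + TUNNEL_SUFFIX)


def signals_by_host(events):
    """Collect the named signals seen on each host."""
    out = {}
    for e in events:
        image = e["image"].lower()
        if e["type"] == "process":
            # PHP interpreter started by PowerShell: unusual on a workstation.
            if image in INTERPRETERS and e["parent"].lower() in SHELLS:
                out.setdefault(e["host"], set()).add("interpreter_from_powershell")
        elif e["type"] == "dns":
            # Tunnel lookups from anything other than a browser.
            if is_tunnel_host(e["query"]) and image not in BROWSERS:
                out.setdefault(e["host"], set()).add("tunnel_dns_non_browser")
    return out


def triage(events):
    """High = both signals on one host; medium = only one of them."""
    return {h: ("high" if len(s) == 2 else "medium")
            for h, s in signals_by_host(events).items()}


if __name__ == "__main__":
    for host, level in sorted(triage(EVENTS).items()):
        print(host, level)
```

The suffix check is deliberately strict so that a lookalike such as `trycloudflare.com.cdn.example.net` is not treated as a tunnel hostname.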

The RAT can also run many commands sent by the attackers. It can make changes to your computer so it stays installed even after you restart. It can also shut itself down when needed, making it harder to detect or study.

This shows how powerful and smart the new Interlock malware is. It does not only sneak into systems—it knows how to stay, hide, and do damage without getting noticed.

 

Renuka Bangale
Renuka is a distinguished Chartered Accountant and a Certified Digital Threats Analyst from Riskpro, renowned for her expertise in cybersecurity. With a deep understanding of cybercrimes, malware, cyber warfare, and espionage, she has established herself as an authority in the field. Renuka combines her financial acumen with advanced knowledge of digital threats to provide unparalleled insights into the evolving landscape of information security. Her analytical prowess enables her to dissect complex cyber incidents, offering clarity on risks and mitigation strategies. As a key contributor to Newsinterpretation’s information security category, Renuka delivers authoritative articles that educate and inform readers about emerging threats and best practices.
