An attack called FileFix is masquerading as a Facebook security alert before ultimately dropping the widely used StealC infostealer and malware downloader.

FileFix is a variation on ClickFix, a newish type of social-engineering technique first spotted last year that tricks victims into running malware on their own devices using fake fixes and login prompts. These types of attacks have surged by 517 percent in the past six months, according to researchers at antivirus and internet security software vendor ESET, making them the second most common attack vector behind phishing.

ClickFix typically asks the victim to perform a fake CAPTCHA test. FileFix tricks the user into copying and pasting a command into a Windows Run Dialog or File Explorer, which, after victims press Enter, executes the pay
