Skip to main content Tom's Guide Tom's Guide Search Tom's Guide View Profile Newsletters Best Picks Entertainment Prime Day Deals Switch 2 Restock Galaxy Z Fold 7 Wordle Today Best Mattress Best laptops Recommended reading Malware & Adware Macs under threat from new malware campaign impersonating major ISP — how to stay safe Malware & Adware FBI issues warning — hackers are using fake PDF converters to spread malware and steal your passwords Online Security Hackers are using this to spread dangerous malware just in time for summer travel season Online Security New QR code threat can infect your phone as soon as you scan Malware & Adware Major Windows Secure Boot flaw can be used by hackers to install bootkit malware — update your PC right now Online Security 12 computer security mistakes you're probably making — and what to do instead Malware & Adware Hackers are using Zoom to spread malware and take over PCs — here’s how to stay safe Online Security Malware & Adware New FileFix attack brings ClickFix social engineering to Windows File Explorer — how to stay safe Amber Bouman 24 June 2025 This malware now has a new way to trick you When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works. (Image credit: Shutterstock) Developed by cybersecurity researcher, mr. d0x, a FileFix attack is a new version of the ever popular ClickFix social engineering tool. For those unfamiliar with ClickFix, it tricks users into executing malicious commands by convincing them that they need to ‘fix’ something in order to complete a task on their machines. As reported by BleepingComputer, this new FileFix method uses the Windows File Explorer address bar instead. Mr.d0x not only discovered the new method but has demonstrated that it can be used in attacks to target company employees via the same social engineering techniques that have proven highly successful with ClickFix. You may like Macs under threat from new malware campaign impersonating major ISP — how to stay safe FBI issues warning — hackers are using fake PDF converters to spread malware and steal your passwords Hackers are using this to spread dangerous malware just in time for summer travel season ClickFix attacks, which have surged in popularity recently, are browser-based and use a variety of tactics to get victims to click on a button in their browser that will copy a command to their Windows clipboard. The victim is then told to paste the command into PowerShell or prompted to perform an additional command in order to “fix” the issue. This is frequently seen as a reCAPTCHA or an error that needs to be corrected via the Win+R Run Dialog. It has proven to be an extremely effective malware tool, used to spread dangerous infostealers and launch ransomware attacks. The FileFix update created by mr.d0x is similar to a typical ClickFix attack but pastes the command into Windows File Explorer, which many users are more comfortable using. File Explorer can also execute operating system commands which means it has a functional upload feature; the ‘trick’ portion of the attack is that it no longer requires an error or an issue as a lure and may simply appear as a notification for a shared file that the user needs to locate through File Explorer. FileFix is a phishing page that includes an ‘Open Fixe Explorer’ button that will launch File Explorer through the file upload functionality and copy the PowerShell command to the clipboard. The fake path is initially seen in the Fixe Explorer address bar, which hides the malicious command and then executes it. Sign up to get the BEST of Tom's Guide direct to your inbox. Get instant access to breaking news, the hottest reviews, great deals and helpful tips. Contact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over. How to stay safe from ClickFix attacks (Image credit: Getty Images) The ClickFix tactic that’s currently being used in more and more in attacks is working due to the fact that it’s able to bypass the best antivirus software and many other security tools. The reason for this is that victims end up doing most of the heavy lifting themselves as the hackers behind this and similar campaigns use social engineering to coerce them into taking action. The hackers behind this and similar campaigns use your preexisting knowledge and online habits to get you to do something you otherwise normally wouldn't. They might also use a sense of urgency to get you to visit one of the malicious sites used in this campaign. If you do see a verification pop-up with instructions, close the website immediately and whatever you do, don’t interact with it or follow its instructions. Being asked to open a Terminal or Command Prompt window on your computer is a major red flag. However, not everyone is as tech savvy which is why you should share what you’ve learned with both older and younger family members, friends and colleagues to help keep them safe, too. More from Tom's Guide SparkKitty spyware caught stealing photos on iPhone and Android — and the reason might surprise you 7 online scams that can leave you broke, exposed, and feeling helpless — how to stay safe Over 700K people hit in major healthcare data breach — full names, SSNs, medical info and more exposed Today's Norton 360 with LifeLock deals 61% off - 1st year Norton 360 with LifeLock Select - Norton 360 with LifeLock Advantage - Norton 360 with LifeLock Ultimate Plus We check over 250 million products every day for the best prices See more Computing News Amber Bouman Social Links Navigation Senior Editor Security Amber Bouman is the senior security editor at Tom's Guide where she writes about antivirus software, home security, identity theft and more. She has long had an interest in personal security, both online and off, and also has an appreciation for martial arts and edged weapons. With over two decades of experience working in tech journalism, Amber has written for a number of publications including PC World, Maximum PC, Tech Hive, and Engadget covering everything from smartphones to smart breast pumps. You must confirm your public display name before commenting Please logout and then login again, you will then be prompted to enter your display name. Macs under threat from new malware campaign impersonating major ISP — how to stay safe FBI issues warning — hackers are using fake PDF converters to spread malware and steal your passwords Hackers are using this to spread dangerous malware just in time for summer travel season New QR code threat can infect your phone as soon as you scan Major Windows Secure Boot flaw can be used by hackers to install bootkit malware — update your PC right now 12 computer security mistakes you're probably making — and what to do instead Latest in Malware & Adware SparkKitty spyware caught stealing photos on iPhone and Android — and the reason might surprise you Godfather malware is now hijacking legitimate banking apps — and you won’t see it coming Major Windows Secure Boot flaw can be used by hackers to install bootkit malware — update your PC right now Macs under threat from new malware campaign impersonating major ISP — how to stay safe Dangerous new Android malware adds fake contacts to your phone while draining bank accounts — how to stay safe AirPlay flaw exposes all Apple devices to hacking over Wi-Fi — what you need to know Latest in News Sling TV has a new promotion aimed at fixing one of its biggest problems — but there's a catch Samsung Galaxy Z Fold 7 and Z Flip 7 prices leaked — and it's worse than we expected OpenAI court filings just revealed new details on AI device with Jony Ive iOS 26 beta 2 is live — here’s the biggest changes for your iPhone Netflix just lost 'Dexter' at the worst time — here's where you can stream it before 'Resurrection' Prime Day graphics card deals are trash — here are the GPUs I'd actually buy LATEST ARTICLES Samsung's new Frame Pro gets first price cut ahead of Prime Day Target's 4th of July sale is live — 21 summer deals I'm adding to my cart Brooklyn Bedding Copperflex Pro Hybrid vs Purple Mattress: Which cooling mattress is best for couples? iOS 26 beta 2 is live — here’s the biggest changes for your iPhone This face sculpting tool is on sale for a limited time and it's the perfect addition to my nighttime routine Tom's Guide is part of Future US Inc, an international media group and leading digital publisher. Visit our corporate site. Terms and conditions Contact Future's experts Privacy policy Cookies policy Accessibility Statement Advertise with us Future US, Inc. Full 7th Floor, 130 West 42nd Street, Please login or signup to comment Please wait...