Hackers Combine Cache, FileFix in Stealthy Malware Push

Attackers are combining FileFix and cache smuggling in a new phishing campaign that uses deceptive FortiClient pages and browser caching to bypass detection. Cybersecurity analysts found that the attackers trick users into pasting commands into Windows Explorer’s address bar, exploiting a 2048-character entry limit to deliver larger payloads than are possible in traditional ClickFix attacks.

The campaign hides PowerShell scripts behind padded spaces, making the commands appear harmless. It pairs FileFix with a tactic called cache smuggling, which disguises malware as images and stores it in the browser cache. This allows the malware to avoid traditional network-based detection.

Researchers also uncovered an advanced variant using Exif metadata fields in JPG images to conceal malicious code. The images remain fully functional and bypass content-type validations. Tests show the technique can deliver payloads through email attachments, even when messages remain unopened.
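For defenders triaging cached or attached images, the following added example (not code from the article or the researchers) walks a JPEG's segments, reads the text fields in the Exif IFD0 directory, and flags script-like or oversized values. The function names, token list, length threshold and the constructed sample image are all assumptions made for illustration.

```python
import re
import struct

SUSPICIOUS = re.compile(rb"(?i)powershell|invoke-expression|frombase64string|cmd\.exe")  # assumed token list
MAX_ASCII_LEN = 512  # assumed threshold; ordinary Exif text (camera model, software) is short

def exif_bodies(jpeg):
    """Yield the TIFF body of each APP1/Exif segment found before image data."""
    if jpeg[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 4 <= len(jpeg) and jpeg[pos] == 0xFF and jpeg[pos + 1] != 0xDA:
        length = struct.unpack(">H", jpeg[pos + 2:pos + 4])[0]
        body = jpeg[pos + 4:pos + 2 + length]
        if jpeg[pos + 1] == 0xE1 and body.startswith(b"Exif\x00\x00"):
            yield body[6:]
        pos += 2 + length

def ascii_fields(tiff):
    """Yield (tag, value) for each ASCII (type 2) entry in IFD0."""
    e = {b"II": "<", b"MM": ">"}.get(tiff[:2])
    if e is None or len(tiff) < 8:
        return
    ifd = struct.unpack(e + "I", tiff[4:8])[0]
    count = struct.unpack(e + "H", tiff[ifd:ifd + 2].ljust(2, b"\x00"))[0]
    for i in range(count):
        entry = tiff[ifd + 2 + 12 * i:ifd + 14 + 12 * i]
        if len(entry) < 12:
            return  # truncated directory
        tag, typ, n, off = struct.unpack(e + "HHII", entry)
        if typ == 2:  # values longer than 4 bytes live at an offset
            yield tag, (tiff[off:off + n] if n > 4 else entry[8:8 + n])

def scan_jpeg(jpeg):
    """Return (tag, reason) findings for Exif text fields in a JPEG."""
    findings = []
    for tiff in exif_bodies(jpeg):
        for tag, value in ascii_fields(tiff):
            if SUSPICIOUS.search(value):
                findings.append((tag, "script-like content"))
            elif len(value) > MAX_ASCII_LEN:
                findings.append((tag, "oversized text field"))
    return findings

def sample_jpeg(text):
    """Constructed sample: minimal JPEG with one ImageDescription (0x010E) field; text must exceed 3 bytes."""
    value = text + b"\x00"
    tiff = b"II*\x00" + struct.pack("<IHHHIII", 8, 1, 0x010E, 2, len(value), 26, 0) + value
    app1 = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(app1) + 2) + app1 + b"\xff\xd9"
```

The scan covers only ASCII entries in IFD0; fields such as UserComment sit in the Exif sub-IFD with a different type and would need the same walk applied there.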

For full details on the campaign’s structure and technical methods, read the official article, “Threat Actors Merging FileFix and Cache Smuggling Attacks to Evade Security Controls”.
