Interlock Ransomware Deploys New PHP RAT via FileFix Phishing

Red | Attack Report
Interlock ransomware has introduced a new PHP-based RAT delivered via the FileFix attack method, tricking users into executing malicious PowerShell commands through fake CAPTCHA prompts. This campaign uses compromised legitimate websites and Cloudflare Tunnel for stealthy C2 communication. The RAT conducts deep system reconnaissance and enables hands-on intrusion activities. It marks a significant escalation in Interlock’s tactics, combining advanced social engineering with persistent malware operations.
