{"id":14081,"date":"2025-12-12T20:54:08","date_gmt":"2025-12-12T17:54:08","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=14081"},"modified":"2025-12-12T20:54:09","modified_gmt":"2025-12-12T17:54:09","slug":"filefix-attack-windows-file-explorer","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/filefix-attack-windows-file-explorer\/14081\/","title":{"rendered":"FileFix: Yeni bir ClickFix varyasyonu"},"content":{"rendered":"<p>K\u0131sa bir s\u00fcre \u00f6nce <a href=\"https:\/\/www.kaspersky.com\/blog\/what-is-clickfix\/53348\/\" target=\"_blank\" rel=\"noopener nofollow\">ClickFix tekni\u011fini ele ald\u0131k<\/a>. \u015eimdi, k\u00f6t\u00fc niyetli akt\u00f6rler, ara\u015ft\u0131rmac\u0131lar taraf\u0131ndan \u201cFileFix\u201d olarak adland\u0131r\u0131lan yeni bir varyant\u0131n\u0131 kullanmaya ba\u015flad\u0131lar. Temel ilke ayn\u0131 kal\u0131yor: Sosyal m\u00fchendislik taktikleri kullanarak kurban\u0131, kendi cihaz\u0131nda fark\u0131nda olmadan k\u00f6t\u00fc ama\u00e7l\u0131 kod \u00e7al\u0131\u015ft\u0131rmaya ikna etmek. ClickFix ile FileFix aras\u0131ndaki fark, esasen komutun nerede y\u00fcr\u00fct\u00fcld\u00fc\u011f\u00fcd\u00fcr.<\/p>\n<p>ClickFix ile sald\u0131rganlar, kurban\u0131 Windows \u00c7al\u0131\u015ft\u0131r ileti\u015fim kutusunu a\u00e7maya ve i\u00e7ine k\u00f6t\u00fc ama\u00e7l\u0131 bir komut yap\u0131\u015ft\u0131rmaya ikna ederlerken FileFix ile, kurban\u0131 Windows Dosya Gezgini adres \u00e7ubu\u011funa bir komut yap\u0131\u015ft\u0131rmaya y\u00f6nlendirirler. Kullan\u0131c\u0131 a\u00e7\u0131s\u0131ndan bak\u0131ld\u0131\u011f\u0131nda, bu eylem ola\u011fand\u0131\u015f\u0131 g\u00f6r\u00fcnmez \u00e7\u00fcnk\u00fc Dosya Gezgini penceresi tan\u0131d\u0131k bir \u00f6\u011fe oldu\u011fundan, kullan\u0131m\u0131 tehlikeli olarak alg\u0131lanma olas\u0131l\u0131\u011f\u0131 daha d\u00fc\u015f\u00fckt\u00fcr. Sonu\u00e7 olarak, bu \u00f6zel takti\u011fe a\u015fina olmayan kullan\u0131c\u0131lar\u0131n, FileFix tuza\u011f\u0131na d\u00fc\u015fme olas\u0131l\u0131klar\u0131 \u00e7ok daha y\u00fcksektir.<\/p>\n<h2>Sald\u0131rganlar kurban\u0131 manip\u00fcle ederek nas\u0131l kendi kodlar\u0131n\u0131 \u00e7al\u0131\u015ft\u0131rmalar\u0131n\u0131 sa\u011flarlar?<\/h2>\n<p>ClickFix\u2019e benzer \u015fekilde FileFix sald\u0131r\u0131s\u0131 da, bir kullan\u0131c\u0131, genellikle kimlik av\u0131 e-postas\u0131 yoluyla, baz\u0131 yasal \u00e7evrimi\u00e7i hizmetlerin web sitesini taklit eden bir sayfaya y\u00f6nlendirildi\u011finde ba\u015flar. Sahte site, hizmetin normal i\u015flevlerine eri\u015fimi engelleyen bir hata mesaj\u0131 g\u00f6r\u00fcnt\u00fcler. Sorunu \u00e7\u00f6zmek i\u00e7in, kullan\u0131c\u0131ya \u201cortam kontrol\u00fc\u201d veya \u201ctan\u0131\u201d i\u015flemi i\u00e7in bir dizi ad\u0131m\u0131 ger\u00e7ekle\u015ftirmesi gerekti\u011fi s\u00f6ylenir.<\/p>\n<p>Bunu yapmak i\u00e7in, kullan\u0131c\u0131ya sald\u0131rganlar\u0131n s\u00f6yledi\u011fine g\u00f6re kurban\u0131n bilgisayar\u0131nda zaten bulunan veya yeni indirilmi\u015f olan belirli bir dosyay\u0131 \u00e7al\u0131\u015ft\u0131rmas\u0131 gerekti\u011fi s\u00f6ylenir. Kullan\u0131c\u0131n\u0131n yapmas\u0131 gereken tek \u015fey, yerel dosyan\u0131n yolunu kopyalay\u0131p Windows Dosya Gezgini adres \u00e7ubu\u011funa yap\u0131\u015ft\u0131rmakt\u0131r. Ger\u00e7ekten de kullan\u0131c\u0131n\u0131n dizgiyi kopyalamas\u0131 istenen alan, dosyan\u0131n yolunu g\u00f6sterir, bu nedenle sald\u0131r\u0131 \u201cFileFix\u201d olarak adland\u0131r\u0131lm\u0131\u015ft\u0131r. Kullan\u0131c\u0131ya daha sonra Dosya Gezgini\u2019ni a\u00e7mas\u0131, [CTRL] + [L] tu\u015flar\u0131na basarak adres \u00e7ubu\u011funa odaklanmas\u0131, [CTRL] + [V] tu\u015flar\u0131yla \u201cdosya yolunu\u201d yap\u0131\u015ft\u0131rmas\u0131 ve [ENTER] tu\u015funa basmas\u0131 talimat\u0131 verilir.<\/p>\n<p>\u0130\u015fte p\u00fcf noktas\u0131: G\u00f6r\u00fcn\u00fcr dosya yolu, \u00e7ok daha uzun bir komutun sadece son birka\u00e7 d\u00fczine karakterinden ibarettir. Dosya yolunun \u00f6n\u00fcnde bir dizi bo\u015fluk bulunur ve bunun \u00f6n\u00fcnde sald\u0131rganlar\u0131n y\u00fcr\u00fctmeyi ama\u00e7lad\u0131klar\u0131 ger\u00e7ek k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fck bulunur. Bu bo\u015fluklar, kullan\u0131c\u0131 komutu yap\u0131\u015ft\u0131rd\u0131ktan sonra \u015f\u00fcpheli bir \u015fey g\u00f6rmemesi ad\u0131na, \u00e7ok \u00f6nemlidir. Tam dize, adres \u00e7ubu\u011funun g\u00f6r\u00fcn\u00fcr alan\u0131ndan \u00f6nemli \u00f6l\u00e7\u00fcde daha uzun oldu\u011fu i\u00e7in, yaln\u0131zca zarars\u0131z dosya yolu g\u00f6r\u00fcn\u00fcr kal\u0131r. Ger\u00e7ek i\u00e7erik, bilgiler Dosya Gezgini penceresi yerine bir metin dosyas\u0131na yap\u0131\u015ft\u0131r\u0131ld\u0131\u011f\u0131nda ortaya \u00e7\u0131kar. \u00d6rne\u011fin, Expel\u2019in ara\u015ft\u0131rmas\u0131na dayanan <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-filefix-attack-uses-cache-smuggling-to-evade-security-software\/\" target=\"_blank\" rel=\"noopener nofollow\">Bipleyen Bilgisayar<\/a> makalesinde, ger\u00e7ek komutun conhost.exe arac\u0131l\u0131\u011f\u0131yla bir PowerShell komut dosyas\u0131n\u0131 ba\u015flatt\u0131\u011f\u0131 tespit edildi.<\/p>\n<div id=\"attachment_14085\" style=\"width: 1610px\" class=\"wp-caption aligncenter\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/12\/12205022\/filefix-attack-windows-file-explorer-3.jpg\"><img loading=\"lazy\" decoding=\"async\" aria-describedby=\"caption-attachment-14085\" class=\"size-full wp-image-14085\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/91\/2025\/12\/12205022\/filefix-attack-windows-file-explorer-3.jpg\" alt=\"Gizli k\u00f6t\u00fc ama\u00e7l\u0131 komut \u00f6rne\u011fi\" width=\"1600\" height=\"474\"><\/a><p id=\"caption-attachment-14085\" class=\"wp-caption-text\">Kullan\u0131c\u0131 bir dosya yolunu yap\u0131\u015ft\u0131rd\u0131\u011f\u0131n\u0131 san\u0131yor, ancak komut asl\u0131nda bir PowerShell komut dosyas\u0131 i\u00e7eriyor. <a href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/new-filefix-attack-uses-cache-smuggling-to-evade-security-software\/\" target=\"_blank\" rel=\"noopener nofollow\"> Kaynak <\/a><\/p><\/div>\n<h2>K\u00f6t\u00fc ama\u00e7l\u0131 komut dosyas\u0131 \u00e7al\u0131\u015ft\u0131r\u0131ld\u0131ktan sonra ne olur?<\/h2>\n<p>Ger\u00e7ek bir kullan\u0131c\u0131 taraf\u0131ndan y\u00fcr\u00fct\u00fclen bir PowerShell komut dosyas\u0131, bir\u00e7ok \u015fekilde sorunlara neden olabilir. Her \u015fey kurumsal g\u00fcvenlik ilkelerine, belirli kullan\u0131c\u0131n\u0131n ayr\u0131cal\u0131klar\u0131na ve kurban\u0131n bilgisayar\u0131nda g\u00fcvenlik \u00e7\u00f6z\u00fcmlerinin bulunup bulunmamas\u0131na ba\u011fl\u0131d\u0131r. Daha \u00f6nce bahsedilen <a href=\"https:\/\/expel.com\/blog\/cache-smuggling-when-a-picture-isnt-a-thousand-words\/\" target=\"_blank\" rel=\"noopener nofollow\">durumda<\/a>, sald\u0131r\u0131 \u201c\u00f6nbellek ka\u00e7ak\u00e7\u0131l\u0131\u011f\u0131\u201d adl\u0131 bir teknik kullanm\u0131\u015ft\u0131r. FileFix hilesi uygulayan ayn\u0131 sahte web sitesi, taray\u0131c\u0131n\u0131n \u00f6nbelle\u011fine JPEG format\u0131nda bir dosya kaydetti, ancak dosya asl\u0131nda k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m i\u00e7eren bir ar\u015fiv i\u00e7eriyordu. K\u00f6t\u00fc ama\u00e7l\u0131 komut dosyas\u0131 daha sonra bu k\u00f6t\u00fc ama\u00e7l\u0131 yaz\u0131l\u0131m\u0131 \u00e7\u0131kard\u0131 ve kurban\u0131n bilgisayar\u0131nda \u00e7al\u0131\u015ft\u0131rd\u0131. Bu y\u00f6ntem, son k\u00f6t\u00fc ama\u00e7l\u0131 y\u00fck\u00fcn a\u00e7\u0131k dosya indirmeleri veya \u015f\u00fcpheli a\u011f istekleri olmadan bilgisayara teslim edilmesini sa\u011flar, bu da onu \u00f6zellikle gizli hale getirir.<\/p>\n<h2>ClickFix ve FileFix sald\u0131r\u0131lar\u0131na kar\u015f\u0131 \u015firketinizi nas\u0131l koruyabilirsiniz?<\/h2>\n<p>ClickFix sald\u0131r\u0131 tekni\u011fi hakk\u0131ndaki yaz\u0131m\u0131zda, en basit savunma y\u00f6nteminin i\u015f cihazlar\u0131nda [Win] + [R] tu\u015f kombinasyonunu engellemek oldu\u011funu \u00f6nermi\u015ftik. Tipik bir ofis \u00e7al\u0131\u015fan\u0131n\u0131n Ger\u00e7ekten \u00c7al\u0131\u015ft\u0131r ileti\u015fim kutusunu a\u00e7mas\u0131 gereken durumlar son derece nadirdir. FileFix durumunda ise durum biraz daha karma\u015f\u0131kt\u0131r; adres \u00e7ubu\u011funa bir komut kopyalamak tamamen normal bir kullan\u0131c\u0131 davran\u0131\u015f\u0131d\u0131r.<\/p>\n<p>[CTRL] + [L] k\u0131sayolunu engellemek genellikle iki nedenden dolay\u0131 istenmez. \u0130lk olarak, bu kombinasyon \u00e7e\u015fitli yasal ama\u00e7lar i\u00e7in farkl\u0131 uygulamalarda s\u0131kl\u0131kla kullan\u0131lmaktad\u0131r. \u0130kincisi, kullan\u0131c\u0131lar fareyle t\u0131klayarak Dosya Gezgini adres \u00e7ubu\u011funa eri\u015fmeye devam edebilecekleri i\u00e7in bu \u00e7\u00f6z\u00fcm tam olarak yard\u0131mc\u0131 olmayacakt\u0131r. Sald\u0131rganlar, klavye k\u0131sayolu ba\u015far\u0131s\u0131z olursa kullan\u0131c\u0131lara genellikle ayr\u0131nt\u0131lar sa\u011flar.<\/p>\n<p>Bu nedenle, ClickFix, FileFix ve benzeri sald\u0131r\u0131lara kar\u015f\u0131 ger\u00e7ekten etkili bir savunma i\u00e7in, \u00f6ncelikle t\u00fcm \u00e7al\u0131\u015fanlar\u0131n i\u015f cihazlar\u0131na, tehlikeli kodlar\u0131 zaman\u0131nda alg\u0131lay\u0131p engelleyebilen <a href=\"https:\/\/www.kaspersky.com.tr\/next?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kdaily_wpplaceholder_sm-team___knext____99cf0f930d9987ff\" target=\"_blank\" rel=\"noopener\">etkili bir g\u00fcvenlik \u00e7\u00f6z\u00fcm\u00fc<\/a> kurman\u0131z\u0131 \u00f6neririz.<\/p>\n<p>\u0130kinci olarak, \u00e7al\u0131\u015fanlar\u0131n modern siber tehditler, \u00f6zellikle ClickFix ve FileFix senaryolar\u0131nda kullan\u0131lan sosyal m\u00fchendislik y\u00f6ntemleri hakk\u0131nda d\u00fczenli olarak bilgilendirilmesini tavsiye ederiz. <a href=\"https:\/\/k-asap.com\/tr\/?icid=tr_kdailyplacehold_acq_ona_smm__onl_b2b_kasperskydaily_wpplaceholder_______&amp;utm_source=kdaily&amp;utm_medium=blog&amp;utm_campaign=tr_wpplaceholder_nv0092&amp;utm_content=link&amp;utm_term=tr_kdaily_organic_avmwswubv8qh92b\" target=\"_blank\" rel=\"noopener\">Kaspersky Automated Security Awareness Platform<\/a>, \u00e7al\u0131\u015fanlar\u0131n e\u011fitimini otomatikle\u015ftirmeye yard\u0131mc\u0131 olabilir.<\/p>\n<input type=\"hidden\" class=\"category_for_banner\" value=\"kasap\">\n","protected":false},"excerpt":{"rendered":"<p>K\u00f6t\u00fc niyetli ki\u015filer, \u201cFileFix\u201d adl\u0131 ClickFix tekni\u011finin yeni bir varyasyonunu kullanmaya ba\u015flad\u0131. Bu yaz\u0131m\u0131zda bunun nas\u0131l \u00e7al\u0131\u015ft\u0131\u011f\u0131n\u0131 ve \u015firketinizi nas\u0131l koruyabilece\u011finizi a\u00e7\u0131kl\u0131yoruz.<\/p>\n","protected":false},"author":2726,"featured_media":14083,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194,1727],"tags":[2797,2827,1274,1660,1749,537,113],"class_list":{"0":"post-14081","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"category-smb","10":"tag-clickfix","11":"tag-filefix","12":"tag-is","13":"tag-sosyal-muhendislik","14":"tag-tarayicilar","15":"tag-tehditler","16":"tag-windows"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/filefix-attack-windows-file-explorer\/14081\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/filefix-attack-windows-file-explorer\/29814\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/filefix-attack-windows-file-explorer\/24884\/"},{"hreflang":"ar","url":"https:\/\/me.kaspersky.com\/blog\/filefix-attack-windows-file-explorer\/13034\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/filefix-attack-windows-file-explorer\/29701\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/filefix-attack-windows-file-explorer\/28791\/"},{"hreflang":"es","url":"https:\/\/www.kaspersky.es\/blog\/filefix-attack-windows-file-explorer\/31673\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/filefix-attack-windows-file-explorer\/30319\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/filefix-attack-windows-file-explorer\/40857\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/filefix-attack-windows-file-explorer\/54752\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/filefix-attack-windows-file-explorer\/23419\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/filefix-attack-windows-file-explorer\/24526\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/filefix-attack-windows-file-explorer\/32969\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/filefix-attack-windows-file-explorer\/29938\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/filefix-attack-windows-file-explorer\/35648\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/filefix-attack-windows-file-explorer\/35276\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/sosyal-muhendislik\/","name":"sosyal m\u00fchendislik"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14081","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2726"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=14081"}],"version-history":[{"count":4,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14081\/revisions"}],"predecessor-version":[{"id":14086,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/14081\/revisions\/14086"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/14083"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=14081"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=14081"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=14081"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}