Post

New PHP-Based Interlock RAT Variant Exploits FileFix Delivery Mechanism to Target Multiple Industries

Discover the latest Interlock ransomware campaign using a new PHP variant and FileFix delivery mechanism to target various industries. Stay informed about this emerging threat and its implications.

Posted
By Vitus White
1 min read
New PHP-Based Interlock RAT Variant Exploits FileFix Delivery Mechanism to Target Multiple Industries

TL;DR

The Interlock ransomware group has launched a new campaign featuring a PHP-based remote access trojan (RAT) variant. This variant leverages the FileFix delivery mechanism, a variant of ClickFix, and has been observed targeting multiple industries since May 2025. The campaign is linked to the LandUpdate808 (aka KongTuke) web-inject threat clusters.

New Interlock RAT Variant Targets Multiple Industries

The Interlock ransomware group has unveiled a new PHP-based variant of its bespoke remote access trojan (RAT) as part of a widespread campaign. This campaign utilizes a variant of ClickFix, known as FileFix, to deliver the malicious payload. Since May 2025, this new Interlock RAT variant has been actively targeting multiple industries1.

Connection to LandUpdate808 Threat Clusters

The activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters. This connection highlights the evolving tactics and strategies employed by threat actors to infiltrate and compromise various sectors1.

Implications and Future Outlook

The emergence of this new PHP-based Interlock RAT variant underscores the need for enhanced cybersecurity measures. Organizations across different industries must stay vigilant and implement robust defenses to protect against such advanced threats. As the landscape of cyber threats continues to evolve, proactive security strategies will be crucial in mitigating risks.

For more details, visit the full article: The Hacker News.

Conclusion

The new PHP-based Interlock RAT variant, utilizing the FileFix delivery mechanism, represents a significant threat to multiple industries. As cyber threats continue to evolve, it is essential for organizations to remain proactive in their cybersecurity strategies to safeguard against such advanced attacks.

References

  1. (2025, July 14). “New PHP-Based Interlock RAT Variant Uses FileFix Delivery Mechanism to Target Multiple Industries”. The Hacker News. Retrieved 2025-07-14. ↩︎ ↩︎2

Cybersecurity & Data Protection, Vulnerabilities
cybersecurity threat-intelligence ransomware
This post is licensed under CC BY 4.0 by the author.