Concise Cyber

New Interlock RAT Variant Deployed via Trojanized KongTuke FileFix Tool

A new cybersecurity incident has been identified in which threat actors deployed a previously unseen variant of the Interlock Remote Access Trojan (RAT). The attack chain, detailed in a recent report by The DFIR Report, began with a trojanized software utility named KongTuke FileFix being used as the initial access vector.

The campaign successfully delivered its malicious payload by tricking users into running the deceptive software. This incident highlights the use of legitimate-appearing applications to initiate sophisticated malware infections.

Initial Compromise via KongTuke FileFix

The initial point of compromise was the execution of KongTuke FileFix. This application was presented as a legitimate tool for repairing corrupted files. Upon execution, the software performed its overt function to avoid suspicion, but it also initiated a series of malicious actions in the background. The primary malicious function of KongTuke FileFix was to act as a dropper for the next stage of the attack. It was responsible for writing the Interlock RAT payload to the disk and creating a scheduled task to establish persistence on the compromised system. This ensured the malware would execute automatically after a system reboot.
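
The persistence step described above leaves a record: on Windows, each scheduled-task creation is logged as Security event 4698, whose message carries the full task XML. The following Python script is an added example (not code from the report or from Concise Cyber) showing one way to hunt those events for a dropper-style task. It assumes the events have already been exported to dictionaries with the real 4698 field names `TaskName` and `TaskContent`, and it flags tasks whose executable sits in a user-writable directory and which re-launch at boot or logon. The two sample events, the `\Updater` task name and the `updater.exe` path are constructed placeholders, not indicators from the report.

```python
import xml.etree.ElementTree as ET
from typing import Dict, List

# Namespace declared by Windows Task Scheduler task definitions.
TASK_NS = {"t": "http://schemas.microsoft.com/windows/2004/02/mit/task"}

# Path fragments an unprivileged user can write to. A persistence task whose
# executable lives in one of these is a hunting lead, not proof of compromise.
USER_WRITABLE_MARKERS = (
    "\\appdata\\", "\\temp\\", "\\programdata\\", "\\users\\public\\", "\\downloads\\",
)

# Triggers that re-launch the action after a reboot or logon.
AUTOSTART_TRIGGERS = {"BootTrigger", "LogonTrigger"}


def assess_task(task_xml: str) -> Dict[str, object]:
    """Parse a task definition and report its commands, triggers and a verdict."""
    root = ET.fromstring(task_xml)
    commands = [c.text or "" for c in root.findall(".//t:Actions/t:Exec/t:Command", TASK_NS)]
    # Trigger element tags carry the namespace; keep only the local name.
    triggers = [t.tag.split("}")[-1] for t in root.findall("./t:Triggers/*", TASK_NS)]
    in_writable = [c for c in commands if any(m in c.lower() for m in USER_WRITABLE_MARKERS)]
    autostarts = any(t in AUTOSTART_TRIGGERS for t in triggers)
    return {
        "commands": commands,
        "triggers": triggers,
        "suspicious": bool(in_writable) and autostarts,
    }


def hunt_task_creations(events: List[Dict[str, object]]) -> List[str]:
    """Return the names of tasks from 4698 events that match the heuristic."""
    return [
        str(ev["TaskName"])
        for ev in events
        if ev.get("EventID") == 4698 and assess_task(str(ev["TaskContent"]))["suspicious"]
    ]


# Constructed sample events (not from the report): one task resembling the
# dropper's persistence (boot trigger, binary under AppData) and one routine
# maintenance task that should not be flagged.
SAMPLE_EVENTS: List[Dict[str, object]] = [
    {
        "EventID": 4698,
        "TaskName": r"\Updater",  # placeholder name, not from the report
        "TaskContent": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><BootTrigger><Enabled>true</Enabled></BootTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>C:\Users\victim\AppData\Roaming\updater.exe</Command></Exec>
  </Actions>
</Task>""",
    },
    {
        "EventID": 4698,
        "TaskName": r"\Microsoft\Windows\DiskCleanup\SilentCleanup",
        "TaskContent": r"""<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">
  <Triggers><CalendarTrigger><StartBoundary>2025-07-01T03:00:00</StartBoundary></CalendarTrigger></Triggers>
  <Actions Context="Author">
    <Exec><Command>%windir%\system32\cleanmgr.exe</Command><Arguments>/autoclean</Arguments></Exec>
  </Actions>
</Task>""",
    },
]

if __name__ == "__main__":
    for name in hunt_task_creations(SAMPLE_EVENTS):
        print("suspicious persistence task:", name)
```

Running the script prints only the `\Updater` task. The heuristic is deliberately narrow (writable path plus boot or logon trigger) so that it stays quiet on ordinary maintenance tasks; pairing each hit with the file-creation event for the command path narrows it further to binaries written shortly before the task appeared, which is the sequence the dropper follows.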

Interlock RAT Variant: Deployment and Capabilities

Once persistence was achieved, the scheduled task executed the new Interlock RAT variant. This updated version of the malware included several functions designed for stealth and remote control. Analysis showed the RAT communicating with a command-and-control (C2) server using a custom binary protocol over TCP port 443. This method was used to blend its traffic with legitimate encrypted web traffic. Observed capabilities of the Interlock RAT included remote command execution, file system enumeration, and the exfiltration of sensitive data from the victim’s machine. The malware was specifically observed gathering system information and user credentials before packaging them for transfer to the actor-controlled C2 infrastructure.
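
A custom binary protocol on port 443 blends in only at the level of port numbers: a genuine HTTPS connection opens with a TLS ClientHello, and a flow that starts with anything else is visible to a sensor that looks at the first client bytes. The Python below is an added example (not code from the report or from Concise Cyber) of that check. It assumes flow records exported as dictionaries with `id`, `dst_port` and `client_bytes` fields (assumed names), and the four sample flows are constructed; the eight-byte header in `flow-2` is a hypothetical stand-in, not the RAT's actual protocol, which the report summary does not describe.

```python
from typing import Dict, List

TLS_HANDSHAKE = 0x16
CLIENT_HELLO = 0x01


def looks_like_tls_client_hello(payload: bytes) -> bool:
    """True if the first bytes a client sends form a plausible TLS ClientHello.

    A TLS connection opens with a record header (content type 0x16 = handshake,
    version 0x03 0x0N) followed by a handshake message of type 0x01 whose
    3-byte length equals the record length minus the 4-byte handshake header.
    """
    if len(payload) < 9:
        return False
    if payload[0] != TLS_HANDSHAKE or payload[1] != 0x03 or payload[2] > 0x04:
        return False
    record_len = int.from_bytes(payload[3:5], "big")
    handshake_len = int.from_bytes(payload[6:9], "big")
    return payload[5] == CLIENT_HELLO and handshake_len == record_len - 4


def hunt_non_tls_on_443(flows: List[Dict[str, object]]) -> List[str]:
    """Return ids of flows to TCP/443 whose first client bytes are not a ClientHello."""
    return [
        str(f["id"])
        for f in flows
        if f["dst_port"] == 443 and not looks_like_tls_client_hello(bytes(f["client_bytes"]))
    ]


# Constructed sample flows (not captures from the report). flow-1 is the start
# of a well-formed TLS 1.2 ClientHello; flow-2 is a hypothetical binary header;
# flow-3 is plaintext HTTP on 443; flow-4 is ordinary HTTP on port 80.
SAMPLE_FLOWS: List[Dict[str, object]] = [
    {"id": "flow-1", "dst_port": 443,
     "client_bytes": b"\x16\x03\x01\x00\xc5\x01\x00\x00\xc1\x03\x03" + b"\x11" * 32},
    {"id": "flow-2", "dst_port": 443,
     "client_bytes": b"\x49\x4c\x01\x00\x20\x00\x00\x00" + b"\x00" * 8},
    {"id": "flow-3", "dst_port": 443,
     "client_bytes": b"GET /beacon HTTP/1.1\r\nHost: example.invalid\r\n\r\n"},
    {"id": "flow-4", "dst_port": 80,
     "client_bytes": b"GET / HTTP/1.1\r\nHost: example.invalid\r\n\r\n"},
]

if __name__ == "__main__":
    for flow_id in hunt_non_tls_on_443(SAMPLE_FLOWS):
        print("non-TLS traffic on 443:", flow_id)
```

The script reports `flow-2` and `flow-3`. Treat the output as a hunting signal rather than a block rule: a few legitimate products also run non-TLS protocols on 443, so baseline the environment first, and note that the check inspects only the opening bytes and therefore says nothing about what a connection carries once a real TLS handshake has completed.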

Source: https://thedfirreport.com/2025/07/14/kongtuke-filefix-leads-to-new-interlock-rat-variant/