Threat actors behind the Interlock ransomware group have unleashed a new PHP variant of its bespoke remote access trojan (RAT) as part of a widespread campaign using a variant of ClickFix called FileFix. "Since May 2025, activity related to the Interlock RAT has been observed in connection with the LandUpdate808 (aka KongTuke) web-inject threat clusters," The DFIR Report said in a technical
![]()
source https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html
source https://thehackernews.com/2025/07/new-php-based-interlock-rat-variant.html