The Windows Finger command that is used to display information about users on a remote machine is being abused by cyberattackers to infect Windows 10 devices with malware. It has been discovered that the command can be misused to download the MineBridge malware on an unsuspecting victim’s device.
Bleeping Computer reports that security researcher Kirk Sayre identified a new phishing campaign using the Finger Command. The campaign involves the sending of a job resume from a supposed candidate.
When a victim then clicks to enable editing on the document, a macro will run that uses the Finger Command to download a Base64 encoded certificate that is actually a malware executable. The downloader then uses DLL hijacking to sideload the MineBridge malware.
The finger of blame
The MineBridge malware was first identified by security researchers at FireEye a year ago, with the campaign initially targeting financial services firms in the US. Back then, a phishing campaign involving a fraudulent job application was also used.
This is also not the first time that the Finger command has been repurposed to deliver malicious software to a victim’s device. Back in September, it was found that the Finger command could be used to bypass security controls in order to download malware remotely without triggering antivirus alerts.
Given that the Finger command is rarely used, it might be a good idea for system administrators to block the command in order to prevent devices from becoming infected with the MineBridge malware strain.
Given that phishing campaigns are becoming more popular as employees continue to work remotely, it is now even more essential that IT leaders put as many safeguards in place as they can.
