Windows Finger command abused by phishing to download malware (Security News, January 2021)
Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.
This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.
The deobfuscated command executed by the macro, shown below, uses the finger command to download a Base64-encoded "certificate" from a remote server and saves it as %AppData%\vUCooUr.
The certificate retrieved via the finger command is in fact a Base64-encoded malware downloader executable.
Once executed, the downloader will download a TeamViewer executable and use DLL hijacking to sideload a malicious DLL, the MineBridge malware.
As Finger is rarely used today, it is suggested that administrators block the Finger command on their network, whether through AppLocker or other methods.
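As an added example of the AppLocker mitigation mentioned above (this is not code from the article or from the researcher it cites), the script below builds a deny rule for finger.exe, dry-runs it with Test-AppLockerPolicy, merges it into the local policy, and then shows how to read back AppLocker's own block events. It assumes an elevated session on a Windows host where AppLocker's default allow rules already exist, the Application Identity service is running, and the temporary file name deny-finger.xml is free to use.

```powershell
# Added example, not from the original article.
# Assumptions: elevated PowerShell; AppLocker default allow rules are already
# present (a deny-only Exe collection with EnforcementMode=Enabled and no allow
# rules would block every executable, so -Merge below is essential).

$ruleId = [guid]::NewGuid().ToString()

# %SYSTEM32% is an AppLocker path variable; it covers both the native and the
# WOW64 copy of finger.exe. S-1-1-0 is the well-known SID for Everyone.
$policyXml = @"
<AppLockerPolicy Version="1">
  <RuleCollection Type="Exe" EnforcementMode="Enabled">
    <FilePathRule Id="$ruleId"
                  Name="Deny finger.exe (rarely used, abused as a downloader)"
                  Description="Blocks the Windows Finger client for all users"
                  UserOrGroupSid="S-1-1-0" Action="Deny">
      <Conditions>
        <FilePathCondition Path="%SYSTEM32%\finger.exe" />
      </Conditions>
    </FilePathRule>
  </RuleCollection>
</AppLockerPolicy>
"@

$policyPath = Join-Path $env:TEMP 'deny-finger.xml'   # constructed temp path
Set-Content -Path $policyPath -Value $policyXml -Encoding UTF8

# Dry run: ask AppLocker what it would decide for finger.exe under this policy.
# Expected PolicyDecision for the path below is "Denied".
Test-AppLockerPolicy -XmlPolicy $policyPath `
    -Path "$env:SystemRoot\System32\finger.exe" -User Everyone |
    Format-Table FilePath, PolicyDecision, MatchingRule -AutoSize

# Apply by merging into the existing local policy so current allow rules survive.
Set-AppLockerPolicy -XmlPolicy $policyPath -Merge

# Confirm the rule landed in the effective local policy.
Get-AppLockerPolicy -Local -Xml | Select-String 'finger.exe'

# Detection side: AppLocker logs blocked executions as event ID 8004 in the
# "EXE and DLL" channel. Any hit here for finger.exe after the policy is applied
# is worth a look, since a macro-driven download attempt looks exactly like this.
Get-WinEvent -LogName 'Microsoft-Windows-AppLocker/EXE and DLL' -ErrorAction SilentlyContinue |
    Where-Object { $_.Id -eq 8004 -and $_.Message -match 'finger\.exe' } |
    Select-Object TimeCreated, Message -First 10
```

Two caveats for anyone deploying this: a path rule only covers finger.exe where it normally lives, so a copy moved elsewhere would need a publisher or file-hash rule to catch it; and since the Finger protocol uses TCP port 79, blocking outbound 79 at the network edge is the "other method" the article alludes to and complements the host-side rule rather than replacing it.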