Hackers abusing this perfectly innocent Windows 10 feature to infect machines

The Windows Finger command is being misused for malware

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The Windows Finger command that is used to display information about users on a remote machine is being abused by cyberattackers to infectWindows 10devices with malware. It has been discovered that the command can be misused to download the MineBridge malware on an unsuspecting victim’s device.

Bleeping Computer reports that security researcher Kirk Sayre identified a new phishing campaign using the Finger Command. The campaign involves the sending of a job resume from a supposed candidate.

When a victim then clicks to enable editing on the document, a macro will run that uses the Finger Command to download a Base64 encoded certificate that is actually a malware executable. The downloader then uses DLL hijacking to sideload the MineBridge malware.

The finger of blame

The MineBridge malware was first identified by security researchers atFireEyea year ago, with the campaign initially targeting financial services firms in the US. Back then, a phishing campaign involving a fraudulent job application was also used.

This is also not the first time that the Finger command has been repurposed to deliver malicious software to a victim’s device. Back in September, it was found that the Finger command could be used to bypass security controls in order to download malware remotely without triggering antivirus alerts.

Given that the Finger command is rarely used, it might be a good idea for system administrators to block the command in order to prevent devices from becoming infected with the MineBridge malware strain.

Given that phishing campaigns are becoming more popular as employees continue to work remotely, it is now even more essential that IT leaders put as many safeguards in place as they can.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleeping Computer

Barclay has been writing about technology for a decade, starting out as a freelancer with ITProPortal covering everything from London’s start-up scene to comparisons of the best cloud storage services.  After that, he spent some time as the managing editor of an online outlet focusing on cloud computing, furthering his interest in virtualization, Big Data, and the Internet of Things.

Cisco issues patch to fix serious flaw allowing possible industrial systems takeover

Washington state court systems taken offline following cyberattack

Owl Labs Meeting Owl 4+ review