The Windows 10 finger command is used to display all information about the user’s system on a remote machine, but the feature is being abused by hackers to infect computers with malware. A report from Bleeping Computer shows that the command can be used to download the MineBridge malware on an unsuspecting user’s device.
A security researcher at Bleeping Computer, Kirk Sayre, identified a new phishing campaign being conducted using the Windows 10 finger command. It involves sending a job resume from a supposed candidate, but when the victim clicks on it, it runs a macro that uses the Finger command to download a disguised malware executable.
This triggers the downloader to use DLL hijacking to sideload the MineBridge malware.
This is not the first time the MineBridge malware has been spotted in the wild. In early 2020, researchers found the same malware being used in phishing campaigns against financial services firms in the US. The phishing campaign involved the same fraudulent job application approach back then as well.
However, since the Finger command is rarely used, it is unlikely that a lot of systems are in danger from this exploit. Regardless, it would be a good idea for administrators to block the command in order to prevent unauthorized third-party access from cyber attacks.
