Threat actors are manipulating an ordinary Windows 10 tool to infect victims’ computers with the malicious MineBridge malware…
The Windows Finger command is typically used to display information about users on a remote machine. But hackers have discovered a way to abuse the tool to infect Windows 10 devices with malware. Security experts have found that the command can be manipulated to install malicious code on an unsuspecting victim's machine.
Cyber-Criminals are Exploiting the Windows Finger Command to Deploy MineBridge Malware
Bleeping Computer recently reported that security researcher Kirk Sayre has identified a new phishing campaign that misuses the Finger command. The scheme involves sending a job resume from a supposed candidate. When the targeted victim clicks to enable editing on the document, a macro runs and uses the Finger command to download a Base64-encoded "certificate" that is actually a malware executable. The installer then uses DLL hijacking to sideload the MineBridge malware.
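For defenders, the Base64 "certificate" described above can be triaged by decoding it and checking what it really contains. The following is an added example, not code from the report or the researcher; the function names and both sample blobs are constructed for illustration.

```python
import base64
import re
import struct

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def is_pe(raw):
    """True if raw has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(raw) < 0x40 or raw[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", raw, 0x3C)
    return raw[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"

def classify_certificate_blob(text):
    """Classify the first PEM-style certificate block found in saved text."""
    match = PEM_RE.search(text)
    if not match:
        return "no-pem-block"
    body = "".join(match.group(1).split())  # drop line breaks and padding spaces
    try:
        raw = base64.b64decode(body, validate=True)
    except ValueError:  # binascii.Error is a ValueError subclass
        return "unknown"
    if is_pe(raw):
        return "pe-executable"  # an executable dressed up as a certificate
    # A real DER certificate starts with an ASN.1 SEQUENCE (0x30), and at
    # typical sizes uses the two-byte long-form length marker 0x82.
    if raw[:2] == b"\x30\x82":
        return "x509-der"
    return "unknown"

def wrap_pem(raw):
    """Helper for the constructed samples: wrap bytes in certificate armor."""
    b64 = base64.b64encode(raw).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return ("-----BEGIN CERTIFICATE-----\n" + "\n".join(lines)
            + "\n-----END CERTIFICATE-----\n")

# Constructed samples: a minimal PE-shaped stub and a DER-shaped blob.
FAKE_PE = (b"MZ" + b"\x00" * 0x3A + struct.pack("<I", 0x40)
           + b"PE\x00\x00" + b"\x00" * 20)
DER_LIKE = b"\x30\x82\x01\x0a" + b"\x00" * 0x10A

if __name__ == "__main__":
    for name, blob in (("fake cert", FAKE_PE), ("der-like", DER_LIKE)):
        print(name, "->", classify_certificate_blob(wrap_pem(blob)))
```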
The MineBridge malware was first identified by security experts at FireEye about a year ago. Initially, it targeted financial services firms located in the United States. Like the current iteration, the previous scam also used a fraudulent job application. The goal remains the same: to deploy malware for a number of nefarious purposes, including stealing sensitive personal information.