Security researcher Kirk Sayre discovered a new phishing campaign that uses the Finger command to infect Windows 10 devices with malware. The Finger command is used to display information about users on a remote machine, but it can also be used to download the MineBridge malware onto an unsuspecting victim's device. It works in this way:
- The victim receives the phishing email containing the document;
- When the victim clicks to enable editing of the document, a macro runs that uses the Finger command to download a Base64-encoded certificate that is actually a malware executable;
- The downloader then uses DLL hijacking to sideload the MineBridge malware.
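
A detection sketch for the first two stages of the chain above, added here as an example and not taken from the researcher's write-up or from any vendor rule. It assumes process-creation events shaped like Sysmon Event ID 1 records (`Image`, `ParentImage`, `CommandLine`); the function names, the Office process list and all sample data are constructed for illustration.

```python
import base64
import re

OFFICE_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
# finger.exe takes [user]@host, so an '@host' argument means a remote query.
REMOTE_TARGET = re.compile(r"\S*@[\w.\-]+")
PEM_BODY = re.compile(r"-----BEGIN CERTIFICATE-----(.*?)-----END CERTIFICATE-----", re.S)

def basename(path):
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def finger_findings(event):
    """Return the reasons a process-creation event looks like finger.exe abuse."""
    if basename(event.get("Image", "")) != "finger.exe":
        return []
    reasons = []
    if REMOTE_TARGET.search(event.get("CommandLine", "")):
        reasons.append("remote finger query")
    # Direct parent only; a macro that launches cmd.exe first needs ancestry data.
    if basename(event.get("ParentImage", "")) in OFFICE_PARENTS:
        reasons.append("spawned by Office application")
    return reasons

def cert_hides_pe(text):
    """True if a PEM 'certificate' body decodes to a PE file (MZ header)."""
    match = PEM_BODY.search(text)
    if not match:
        return False
    try:
        raw = base64.b64decode("".join(match.group(1).split()), validate=True)
    except ValueError:
        return False
    # A real X.509 certificate is DER and starts with 0x30, never with 'MZ'.
    return raw[:2] == b"MZ"

# Constructed sample data (not taken from the campaign).
EVENTS = [
    {"Image": r"C:\Windows\System32\finger.exe",
     "ParentImage": r"C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE",
     "CommandLine": "finger user@host.example"},
    {"Image": r"C:\Windows\System32\notepad.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": "notepad.exe"},
]
FAKE_CERT = ("-----BEGIN CERTIFICATE-----\n"
             + base64.b64encode(b"MZ\x90\x00" + b"\x00" * 60).decode()
             + "\n-----END CERTIFICATE-----\n")
```

Because legitimate use of `finger.exe` is rare on most Windows fleets, a remote query is worth reviewing even when the parent process is not an Office application.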