HACKERS ABUSING THIS PERFECTLY INNOCENT WINDOWS 10 FEATURE TO INFECT MACHINES

Windows recently came with a new finger command feature through which users would be able to see the device information on a remote machine. Though it is a really great feature, hackers are using it to infect viruses and malwares into the system.

There have been reports that a malware named MineBridge gets downloaded on the victim’s device remotely.

There is a report by Bleeping Computer which states that there is a researcher named Kirk Sayre who has identified that a new campaign is going on where hackers are misusing the finger command. They just try to send a job resume to the victim and as soon as he clicks on the link, hackers are done.

The resume mail asks the victim to fill up a form for their job application. as soon as he clicks on editing the form to fill up details, a macro will start running which will use the finger command option to insert a malware into the victim’s system.

HOW IT STARTED

The MineBridge malware was firstly seen getting used by hackers to target financial services companies in the USA. The threat was identified by a security researcher at FireEye. Right after that, a phishing campaign started which involved a fake job offer with a very high salary that a person easily accepts and becomes a victim.

The finger command feature has been used previously also to do such illegal tasks. Last year also, some hackers used the software to bypass the firewall and antivirus to download and infect the malware into the system without making any alert to antivirus.

THE SOLUTION

As we are hearing a lot of phishing cases where the innocents get infected with malwares and viruses, the company should take it as a concern and start working on it to either improve and make it more secure or to remove it from the system so that this kind of incident does not happen in future.

As such cases are increasing day by day, the solutions to such problems should also be introduced. The IT leaders should make a move to safeguard the places where there are threats.

Have you ever been a victim of such fraudulent job applications?


Comments

Leave a Reply

Your email address will not be published. Required fields are marked *