Hackers have begun using the old Internet protocol Finger, created nearly 40 years ago, in new attacks using ClickFix malware. Finger is long outdated and rarely used, but its client program is still available on Windows.
Finger was originally used to view general information about users on Unix systems. Nowadays, it is used by hackers as a tool to secretly execute commands, since built-in system programs usually do not raise suspicions about security solutions.
The attack begins by deceiving the user: a fake window appears on the screen, reminiscent of the “I'm not a robot” check. That person was persuaded to execute the command to activate the Finger program. The computer then contacts the attacker's server and receives an automated malicious script instead of regular data.
The script downloads files disguised as documents and installs malware. These include password and browser data stealing tools as well as Trojans. To maintain its presence on the system, the virus will add itself to the boot process.
