Whether you are a security analyst looking for technical information on how the MineBridge malware works or an information security manager seeking advice on how to protect your organization from the malware, you are in the right place.
Threat actors are constantly searching for innovative techniques to evade detection and inject malware into the victim network. In one recent cyber-attack, the Microsoft Windows Finger utility was abused to deliver the MineBridge payload. The Finger command is generally used by network administrators to list the users on a remote machine in a network. However, security researchers identified a new method of converting Finger into a file loader and C&C server for the exfiltration of data. This attack chain utilises a known technique called “VBA Stomping” to evade detection.