{"id":225298,"date":"2025-11-18T01:16:25","date_gmt":"2025-11-18T07:16:25","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/11\/decades-old-finger-protocol-abused-in-clickfix-malware-attacks"},"modified":"2025-11-18T01:16:25","modified_gmt":"2025-11-18T07:16:25","slug":"decades-old-finger-protocol-abused-in-clickfix-malware-attacks","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/11\/decades-old-finger-protocol-abused-in-clickfix-malware-attacks","title":{"rendered":"Decades-old \u2018Finger\u2019 protocol abused in ClickFix malware attacks"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/decades-old-finger-protocol-abused-in-clickfix-malware-attacks.jpg\"><\/a><\/p>\n<p>The decades-old \u201cfinger\u201d command is making a comeback\u201e with threat actors using the protocol to retrieve remote commands to execute on Windows devices.<\/p>\n<p>In the past, people used the <a href=\"http:\/\/linux.die.net\/man\/1\/finger\" target=\"_blank\" rel=\"nofollow noopener\">finger command<\/a> to look up information about local and remote users on Unix and Linux systems via the Finger protocol, a command later added to Windows. While still supported, it\u2019s rarely used today compared to its popularity decades ago.<\/p>\n<p>When executed, the finger command returns basic information about a user, including their login name, name (if set in \/etc\/passwd), home directory, phone numbers, last seen, and other details.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The decades-old \u201cfinger\u201d command is making a comeback\u201e with threat actors using the protocol to retrieve remote commands to execute on Windows devices. In the past, people used the finger command to look up information about local and remote users on Unix and Linux systems via the Finger protocol, a command later added to Windows. [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34],"tags":[],"class_list":["post-225298","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/225298","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=225298"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/225298\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=225298"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=225298"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=225298"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}