The list of native executables in Windows that can download or run malicious code keeps growing as another one has been reported recently.
These are known as living-off-the-land binaries (LoLBins) and can help attackers bypass security controls to fetch malware without triggering a security alert on the system.
The latest addition is finger.exe, a command that ships with Windows to retrieve information about users on remote computers running the Finger service or daemon. Communication is carried via the Name/Finger network communication protocol.
Source: Bleeping Computer