Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims' devices.