You May Not Believe It, But Hackers Use Microsoft’s Seemingly Simple Calculator Program to Inject Malicious Code and Infiltrate Their Victims’ Systems.
Hackers have found an unusual way to infect personal computers with malware: distributing malicious code with the Windows calculator program. The creators of the famous QBot malware have managed to find a way to inject malicious code into this program.
In DLL sideloading, attackers create a fake copy of a legitimate DLL and place it in another folder, tricking the device’s operating system into loading the infected version instead of the original.
QBot is a type of Windows malware initially known as a banking Trojan. However, as the tool has evolved into a malware distribution platform, many ransomware groups have become dependent on it.
According to ProxyLife researchers, the QBot malware uses the Windows 7 Calculator program to carry out DLL sideloading attacks. These attacks have been targeting personal computers since at least January 11 and have been used as an effective way to run malicious spam campaigns.
Digital Trends reports that the emails carrying the malware come with HTML file attachments and include a ZIP archive along with an ISO file that contains a LNK file, a copy of calc.exe, and two DLL files, including WindowsCodecs.dll. Opening the ISO file in these emails brings up a shortcut; checking the file’s properties shows that it links to the Windows Calculator program.
Once this shortcut is opened, the QBot malicious code infects the system through the command-line tool (Command Prompt).
Because Windows Calculator is a safe program, tricking the system into loading infected code through this software means that the security program cannot detect it; the technique therefore evades detection in a very effective and creative way.
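The layout described above (a copy of calc.exe sitting beside a DLL that carries a system DLL's name) is something defenders can look for in image-load telemetry. The following is an added example, not code from the researchers or from Digital Trends: it assumes records with the `Image` and `ImageLoaded` fields of Sysmon Event ID 7, and the sample events and paths are constructed.

```python
import ntpath

# Directories where genuine Windows binaries and system DLLs live.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Names taken from the campaign described above; extend as needed.
WATCHED_EXES = {"calc.exe"}
WATCHED_DLLS = {"windowscodecs.dll"}

def _split(path):
    """Return (lower-cased directory, lower-cased file name) of a Windows path."""
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    return directory, name

def check_image_load(event):
    """Return a list of findings for one image-load record.

    `event` is a dict with 'Image' (the process executable) and
    'ImageLoaded' (the DLL it mapped), as in Sysmon Event ID 7.
    """
    findings = []
    exe_dir, exe_name = _split(event["Image"])
    dll_dir, dll_name = _split(event["ImageLoaded"])
    if exe_name in WATCHED_EXES and exe_dir not in SYSTEM_DIRS:
        findings.append("system binary running outside system directory")
    if dll_name in WATCHED_DLLS and dll_dir not in SYSTEM_DIRS:
        findings.append("system-named DLL loaded from non-system directory")
        if dll_dir == exe_dir:
            findings.append("DLL sits beside the executable (sideload layout)")
    return findings

# Constructed sample events (not real telemetry).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\WindowsCodecs.dll"},
    {"Image": r"E:\calc.exe",
     "ImageLoaded": r"E:\WindowsCodecs.dll"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\WindowsCodecs.dll"},
]

def scan(events):
    """Return {event index: findings} for events with at least one finding."""
    return {i: f for i, e in enumerate(events) if (f := check_image_load(e))}

if __name__ == "__main__":
    for idx, findings in scan(SAMPLE_EVENTS).items():
        print(SAMPLE_EVENTS[idx]["Image"], "->", "; ".join(findings))
```

The second sample event, where both files load from the root of a mounted image, matches the ISO layout described in the article and raises all three findings.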
Hackers can no longer use this DLL sideloading technique on Windows 10 or Windows 11; therefore, people still using Windows 7 should be on the lookout for any suspicious emails containing ISO files.
Windows Calculator is not a program that hackers usually use to break into target systems, but such an approach doesn’t seem too strange given the current state of hacking and its progress. QBot was first identified more than a decade ago.
This tool was used for ransomware purposes.
In 2022, we have seen an increase in malware activity, including the most potent HTTPS DDoS attack in history. Additionally, ransomware groups are evolving their tools; therefore, it is not surprising that they are constantly using new loopholes to achieve their goals.
At the same time, technology giants such as Microsoft have provided new solutions to improve security in the Internet space by increasing warnings related to cybercrimes.