Phishing: a dangerous virus hides in the Windows calculator

A team of security researchers has just discovered that malware is currently using the calculator in Windows 7. It is not yet known whether Microsoft has updated Defender to counter this attack.

It has become quite difficult to force security systems to Windows for viruses or malware. The malicious people who hide behind all the cyberattacks must therefore redouble their ingenuity and creativity to carry out their attacks. And they unfortunately do quite well. It is in this way that hackers have for example used Microsoft Team on several occasions, taking advantage of the blind trust that company employees place in the platform.

More recently, a cyberattack used HTTPS proxy techniques to hijack Office 365 accounts, with thousands of businesses affected. Now, security researchers have just discovered that a campaign phishing uses the Windows 7 Calculator application to carry out his attack. It’s the media Bleeping Computer who just relayed the information.

Phishing Attack Now Uses Windows 7 Calculator

Concretely and without going into too technical details, this is how the attack unfolds.

  • This starts by prompting the user to download an ISO disc image disguised as a PDF file.
  • The latter contains a shortcut that opens a copy included in the Calculator application.
  • Windows 7 calculator will use dynamic link libraries (dlls) in the same folder.
  • Opening the calculator thus does not trigger no alarm in windows.
  • A file that contains the Qbot malware loads and the latter can thus infect the Windows file explorer and start data theft.

Also note that Microsoft has already fixed this flaw. Thereby, this innovative phishing campaign does not work with the calculator of Windows 10 and Windows 11. But you still have to be careful. Because the accidentally downloaded file contains the version of the Windows 7 calculator, which uses this technique to attack the most recent versions of Windows. As in all cases in the face of similar phishing threats, it is therefore necessary make sure you have up-to-date anti-virus software and avoid downloading files from suspicious websites.

Read also: Phishing, hundreds of fake FR domain names registered, an unprecedented campaign is preparing

Source :

Related Articles

Leave a Reply

Your email address will not be published.