How hackers may use this Windows app to infect your PC – Times of India

PCs are getting advanced each day with new security and privacy measures to keep your system safe from malware. But so are the hackers. Now, attackers have found a new method to infect Windows PCs with malware, and they are doing it with the Windows Calculator.
The QBot or Qakbot malware group has found a new way to distribute the malicious code to systems. As per a report by Bleeping Computer, the attackers are using the Windows Calculator app to side-load malicious code onto the systems. They are doing this with the help of DLL side-loading, one of the common attack methods.
How does the malware ‘attack’ your PC?
The DLL side-loading takes advantage of the Dynamic Link Libraries (DLLs) handling process in the Windows system. Attackers use the method to mimic an actual DLL, which is then moved to a folder where the OS loads it as an authorized DLL.
The QBot malware, initially a banking trojan, has now evolved into a malware distribution platform actively used by ransomware gangs.
Attackers have been using the Calculator app from the Windows 7 to perform the DLL side-loading. The method has been used in malicious spam campaigns. The malware is said to be infecting PCs since July 11 this year.
The malware is being spread through emails with an HTML file attachment and a password-protected ZIP archive. The ZIP file is being locked behind a password to avoid antivirus protection. Attackers put an ISO file inside the ZIP archive containing a .LNK copy of ‘calculator.exe’ (Windows Calculator) and two DLL files – WindowsCodecs.dll and 7533.dll (the malicious payload).
Once the user mounts the ISO file, a shortcut gets executed linked to the Windows Calculator app, and then the Qbot malware infiltrates the system using the command prompt. The use of the Calculator app, which is a trusted program, makes the malware quite effective as it executes in plain sight even with the antivirus software installed on the system.
However, the malware is ineffective with the newer Windows 10 or 11 systems. Attackers can not use the DLL side-loading techniques on the newer Windows iterations, but users running Windows 7 or older should be wary of any spam emails before opening them.