How hackers may use this Windows app to infect your PC – Times of India

PCs are getting more advanced each day, with new security and privacy measures to keep your system safe from malware. But so are the hackers. Now, attackers have found a new method to infect Windows PCs with malware, and they are doing it with the Windows Calculator.
The QBot or Qakbot malware group has found a new way to distribute the malicious code to systems. As per a report by Bleeping Computer, the attackers are using the Windows Calculator app to side-load malicious code onto the systems. They are doing this with the help of DLL side-loading, one of the common attack methods.
How does the malware ‘attack’ your PC?
DLL side-loading takes advantage of the way Windows handles Dynamic Link Libraries (DLLs). Attackers create a DLL that mimics an actual one and place it in a folder from which the OS loads it as if it were the authorized DLL.
The QBot malware, initially a banking trojan, has now evolved into a malware distribution platform actively used by ransomware gangs.
Attackers have been using the Calculator app from Windows 7 to perform the DLL side-loading. The method has been used in malicious spam campaigns. The malware is said to have been infecting PCs since July 11 this year.
The malware is being spread through emails with an HTML file attachment and a password-protected ZIP archive. The ZIP file is locked behind a password to evade antivirus protection. Attackers put an ISO file inside the ZIP archive containing a .LNK copy of ‘calculator.exe’ (Windows Calculator) and two DLL files: WindowsCodecs.dll and 7533.dll (the malicious payload).
Once the user mounts the ISO file, a shortcut linked to the Windows Calculator app gets executed, and then the Qbot malware infiltrates the system using the command prompt. The use of the Calculator app, which is a trusted program, makes the malware quite effective, as it executes in plain sight even with antivirus software installed on the system.
However, the malware is ineffective on newer Windows 10 or 11 systems. Attackers cannot use the DLL side-loading technique on the newer Windows iterations, but users running Windows 7 or older should be wary of any spam emails before opening them.
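
The file layout described above can be checked for defensively. The following Python is an added example, not code from the article or the report it cites: it flags any folder outside the Windows system directories that holds a copy of the Calculator executable next to WindowsCodecs.dll. The `calc.exe` file name, the function name and the sample paths are assumptions constructed for illustration.

```python
import ntpath
from collections import defaultdict

# Assumption: host executables and DLL names to watch. "calculator.exe" and
# "WindowsCodecs.dll" come from the article; "calc.exe" is the usual file name.
HOST_EXES = {"calc.exe", "calculator.exe"}
WATCHED_DLLS = {"windowscodecs.dll"}
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}


def find_sideload_candidates(paths):
    """Return one finding per folder, outside the system directories, that
    holds a trusted host executable next to a DLL named like a system DLL."""
    by_dir = defaultdict(set)
    for p in paths:
        directory, name = ntpath.split(ntpath.normpath(p))
        by_dir[directory.lower()].add(name.lower())
    findings = []
    for directory, names in sorted(by_dir.items()):
        hosts = names & HOST_EXES
        dlls = names & WATCHED_DLLS
        if directory in SYSTEM_DIRS or not (hosts and dlls):
            continue
        findings.append({
            "directory": directory,
            "hosts": sorted(hosts),
            "dlls": sorted(dlls),
            # Context for triage: shortcuts and unrelated DLLs in the same folder.
            "shortcuts": sorted(n for n in names if n.endswith(".lnk")),
            "other_dlls": sorted(n for n in names
                                 if n.endswith(".dll") and n not in dlls),
        })
    return findings


# Constructed sample inventory (not real telemetry): a mounted ISO on E: plus
# the legitimate copies in System32.
SAMPLE = [
    r"C:\Windows\System32\calc.exe",
    r"C:\Windows\System32\WindowsCodecs.dll",
    r"E:\report.lnk",
    r"E:\calc.exe",
    r"E:\WindowsCodecs.dll",
    r"E:\7533.dll",
    r"C:\Users\alice\Downloads\notes.txt",
]

if __name__ == "__main__":
    for finding in find_sideload_candidates(SAMPLE):
        print(finding)
```

The input can be any list of full Windows paths, for example a file listing exported from an endpoint or from a mounted disk image.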

