Windows is increasingly trying to stop viruses and malware, even if you don't have the best protection software installed.
So malware developers have to be very creative to infect systems. Attacks have recently been observed using the application Calculator of Windows 7.
Security researcher “ProxyLife” He discovered that some malware and phishing attacks are using Windows 7's Calculator app to break into modern Windows PCs, the Bleeping Computer.
The attack starts by tricking someone into downloading a picture ISO disc disguised as a PDF or other file, which contains a shortcut that opens a malicious copy of the Calculator application.
Why are they using an outdated version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.
Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they use an older version.
The files used in the phishing attack are “calc.exe” from Windows 7 and two ProxyLife DLL files
It's not yet clear if Microsoft has updated Defender to recognize this type of attack, but if you don't download files from strange websites (or email attachments from people you don't know), you probably don't need to worry.
Update:
On our Facebook page we saw comments questioning the above, using Microsoft's non-support of Windows 7 as justification. You should read the whole text before judging it.
So above we mention:
“Why are they using an outdated version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.”
Attackers use an older application to attack new systems:
“Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they're using an older version.”