Windows is increasingly trying to stop viruses and malware software, even if you don't have the best security software installed.
So malware developers have to be very creative to infect systems. Attacks using Windows 7's Calculator application have therefore recently been observed.
Security researcher “ProxyLife” He discovered that some malware and phishing attacks are using Windows 7's Calculator app to break into modern Windows PCs, Bleeping Computer reports.
The attack starts by tricking someone into downloading an ISO disc image disguised as a PDF or something else archive, which contains a shortcut that opens a malicious copy of the Calculator application.
Why are they using an outdated version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.
Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they use an older version.
The files used in the phishing attack are “calc.exe” from Windows 7 and two ProxyLife DLL files
It's not yet clear if Microsoft has updated Defender to recognize this type of attack, but if you're not downloading files from strange websites (or email attachments from people you don't know), you probably don't need to worry.
Update:
On our Facebook page they were noticed comments who dispute the above, using as justification the non-support of Windows 7 by Microsoft. You should read the whole text before judging it.
So above we mention:
“Why are they using an outdated version of the Calculator app to hack systems?
Well, Windows 7 Calculator uses the Dynamic Link Libraries (DLLs) in the same folder, if they exist, instead of using the libraries located in the Windows system folder.”
Attackers use an older application to attack new systems:
“Opening the Calculator app doesn't trigger any Windows alerts, probably because it's signed by Microsoft, but it can still load the infected “WindowsCodecs.dll” library that comes with the malicious Calculator.
Newer versions of the Calculator app included with Windows are not vulnerable. That's why they're using an older version.”