{"id":477715,"date":"2022-07-25T18:37:34","date_gmt":"2022-07-25T15:37:34","guid":{"rendered":"https:\/\/en.buradabiliyorum.com\/phishing-attacks-are-now-using-the-windows-calculator\/"},"modified":"2022-07-25T18:37:34","modified_gmt":"2022-07-25T15:37:34","slug":"phishing-attacks-are-now-using-the-windows-calculator","status":"publish","type":"post","link":"https:\/\/buradabiliyorum.com\/en\/phishing-attacks-are-now-using-the-windows-calculator\/","title":{"rendered":"#Phishing Attacks Are Now Using the Windows Calculator"},"content":{"rendered":"<h1><span class=\"ez-toc-section\" id=\"%E2%80%9CPhishing_Attacks_Are_Now_Using_the_Windows_Calculator%E2%80%9D\"><\/span>&#8220;Phishing Attacks Are Now Using the Windows Calculator&#8221;<span class=\"ez-toc-section-end\"><\/span><\/h1>\n<div id=\"post-820691\">\n<div class=\"entry-content e-content\">\n<figure style=\"width: 1200px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"type:primaryImage wp-image-820699 size-full\" data-pagespeed-no-defer=\"\" src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/07\/Calculator-malware.jpg?width=1198&amp;trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"image of Calculator app with a skull\" width=\"1200\" height=\"675\" data-crediturl=\"https:\/\/commons.wikimedia.org\/wiki\/File:Windows_7_Calculator.png\" data-credittext=\"LR Guanzon\/Wikimedia, Google\"\/><figcaption class=\"wp-caption-text\"><span class=\"type:primaryImage imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/commons.wikimedia.org\/wiki\/File:Windows_7_Calculator.png\">LR Guanzon\/Wikimedia, Google<\/a><\/span><\/figcaption><\/figure>\n<p>Windows has become better and better at stopping viruses and malware, even if you don\u2019t have the best antivirus software installed. 
Malware developers have to get creative to infect systems, which now includes utilizing the Windows 7 Calculator application.<\/p>\n<p>Security researcher <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/vxtwitter.com\/pr0xylife\/status\/1546607135089430532\">\u2018ProxyLife\u2019 discovered<\/a> that some malware and phishing attacks are now using the Calculator application from Windows 7 to break into modern Windows PCs, as reported by <em>Bleeping Computer<\/em>. The attack starts by tricking\u00a0someone into downloading an ISO disc image disguised as a PDF or other file, which contains a shortcut that opens an included copy of the Calculator application.<\/p>\n<p>So, why use an outdated version of Calculator to break into systems? Well, the Windows 7 Calculator will use\u00a0Dynamic Link Libraries (DLLs) in the same folder if they are present, instead of always using the libraries in the Windows system folder. Opening the Calculator doesn\u2019t set off any alarm bells in Windows, likely because it\u2019s signed by Microsoft, but it can still load an infected \u201cWindowsCodecs.dll\u201d library bundled with Calculator. 
Newer versions of the Calculator app included in Windows aren\u2019t vulnerable to switching DLLs, which is why an older version is included in the package.<\/p>\n<figure style=\"width: 759px\" class=\"wp-caption alignnone\"><img loading=\"lazy\" decoding=\"async\" class=\"wp-image-820695 size-full\" data-pagespeed-lazy-src=\"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/07\/FXalhnDX0AImbCU.png?trim=1,1&amp;bg-color=000&amp;pad=1,1\" alt=\"image of ISO file\" width=\"759\" height=\"351\" data-crediturl=\"https:\/\/twitter.com\/pr0xylife\/status\/1546607135089430532\" data-credittext=\"ProxyLife\" src=\"\/pagespeed_static\/1.JiBnMqyl6S.gif\" onload=\"pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\" onerror=\"this.onerror=null;pagespeed.lazyLoadImages.loadIfVisibleAndMaybeBeacon(this);\"\/><figcaption class=\"wp-caption-text\">The files used in the phishing attack, including \u201ccalc.exe\u201d from Windows 7 and two DLL files <span class=\"imagecredit\"><a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/twitter.com\/pr0xylife\/status\/1546607135089430532\">ProxyLife<\/a><\/span><\/figcaption><\/figure>\n<p>It\u2019s not clear yet if Microsoft has updated Defender to properly recognize this type of attack, but if you don\u2019t download files from strange websites (or email attachments from people you don\u2019t know), you probably don\u2019t have to worry about it.<\/p>\n<p><small>Via: <a rel=\"nofollow noopener\" target=\"_blank\" href=\"https:\/\/www.bleepingcomputer.com\/news\/security\/qbot-phishing-uses-windows-calculator-sideloading-to-infect-devices\/\">Bleeping Computer<\/a><\/small><\/p>\n<\/div>\n<\/div>\n<p><span style=\"color: black;\"><a style=\"color: #ff9900;\" href=\"https:\/\/www.howtogeek.com\/820691\/phishing-attacks-are-now-using-the-windows-calculator\/\" target=\"_blank\" rel=\"noopener\">Source<\/a><\/span><\/p>\n","protected":false},"excerpt":{"rendered":"<p>&#8220;Phishing Attacks Are Now Using the Windows Calculator&#8221; LR Guanzon\/Wikimedia, Google Windows has become better and better at stopping viruses and malware, even if you don\u2019t have the best antivirus 
software installed. Malware developers have to get creative to infect systems, which now includes utilizing the Windows 7 Calculator application. Security researcher \u2018ProxyLife\u2019 discovered some&#8230;<\/p>\n","protected":false},"author":1,"featured_media":477716,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/www.howtogeek.com\/wp-content\/uploads\/2022\/07\/Calculator-malware.jpg?height=200p&trim=2,2,2,2","fifu_image_alt":"","footnotes":""},"categories":[18],"tags":[],"class_list":["post-477715","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-technology"],"_links":{"self":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/477715","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/comments?post=477715"}],"version-history":[{"count":0,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/posts\/477715\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media\/477716"}],"wp:attachment":[{"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/media?parent=477715"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/categories?post=477715"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/buradabiliyorum.com\/en\/wp-json\/wp\/v2\/tags?post=477715"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}