Sometimes security breaches and hacking attacks come from the most unlikely of sources, even going so far as to utilize trusted applications to infect an endpoint or network. This is the case with a new phishing attack which uses the Calculator application that comes built-in with Windows in a very creative way. This is just one example of how hackers have been forced to innovate to combat the increasingly secure systems which businesses and users rely on today, and it should be a testament as to why you can never be too careful.
A security researcher who goes by ProxyLife on Twitter has reportedly discovered that there are several strains of malware and phishing attacks utilizing an outdated version of Microsoft’s Calculator application to find their way onto your network and launch their attacks—specifically the Windows 7 version of Calculator. The way that it works is that a cybercriminal tricks the user into downloading an ISO disc image which is disguised as a PDF or other similar file. This ISO contains a shortcut to an opened version of the Calculator application.
The Windows 7 Calculator can use what are called Dynamic Link Libraries in the same folder rather than defaulting to Windows’ system default libraries. The Calculator then runs the library, which is infected with malware. Later versions of Calculator do not have this capability, hence why an older version is necessary. Since Windows thinks that Calculator is a legitimate application, opening it in this way doesn’t set off any red flags within the system.
At the end of the day, this is largely an obscure threat that sees hackers using the tools at their disposal in creative and different ways. It is not yet known if Microsoft has issued an update to Defender to put a stop to these types of attacks, but the long and short of it is that you probably won’t encounter this specific threat, as long as you are using proper security practices while browsing the Internet or checking your email.
Still, the idea that threats can use trusted and known applications in this way can make things a bit of a hassle for your IT team. These types of attacks might bypass the defenses built into your operating systems, but they can be caught if you are proactively monitoring your infrastructure for abnormalities. These abnormalities can then be contained, isolated, and eliminated. Of course, the problem here is that you likely wouldn’t find this type of threat if you weren’t actively looking for it—which is where we come in.
We know that it can be a challenge to keep your network safe. That’s why we make it easy with our remote monitoring services. Combined with comprehensive security solutions like a firewall, antivirus, spam blocker, and content filter, you’ll find that your network has never been safer. To learn more about what we can do for your business, contact us today at (716) 685-1181.