Security researcher ‘ProxyLife’ discovered some malware and phishing attacks are now using the Calculator application from Windows 7 to break into modern Windows PCs, as reported by Bleeping Computer. The attack starts by tricking someone into downloading an ISO disc image disguised as a PDF or other file, which contains a shortcut that opens an included copy of the Calculator application.
So, why use an outdated version of Calculator to break into systems? Well, the Windows 7 Calculator will use Dynamic Link Libraries (DLLs) in the same folder if they are present, instead of always using the libraries in the Windows system folder. Opening the Calculator doesn’t set off any alarm bells in Windows, likely because it’s signed by Microsoft, but it can still load an infected “WindowsCodecs.dll” library bundled with Calculator. Newer versions of the Calculator app included in Windows aren’t vulnerable to this DLL swapping, which is why an older version is included in the package.
It’s not clear yet if Microsoft has updated Defender to properly recognize this type of attack, but if you don’t download files from strange websites (or email attachments from people you don’t know), you probably don’t have to worry about it.
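For defenders, the DLL loading behaviour described above can be checked for in image-load telemetry. The sketch below is an added example, not code from ProxyLife or Bleeping Computer: it assumes event records shaped like Sysmon image-load events (Event ID 7), a Windows install in C:\Windows, and constructed sample values.

```python
import ntpath  # applies Windows path rules on any OS

# Assumption: Windows is installed in C:\Windows.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# DLL names that should only ever load from the system folders.
# The article names WindowsCodecs.dll; extend the set as needed.
SYSTEM_DLL_NAMES = {"windowscodecs.dll"}

# Constructed sample events (not real telemetry). Field names follow
# Sysmon Event ID 7 (image loaded).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\WindowsCodecs.dll", "Signed": "true"},
    {"Image": r"E:\calc.exe",
     "ImageLoaded": r"E:\WindowsCodecs.dll", "Signed": "false"},
    {"Image": r"E:\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\gdi32.dll", "Signed": "true"},
    {"Image": r"C:\Program Files\App\app.exe",
     "ImageLoaded": r"C:\Program Files\App\helper.dll", "Signed": "true"},
]


def _folder(path):
    """Lower-cased parent folder of a Windows path, no trailing backslash."""
    return ntpath.normcase(ntpath.dirname(path)).rstrip("\\")


def find_sideloads(events):
    """Return loads of a system-named DLL from outside the system folders."""
    findings = []
    for ev in events:
        dll_name = ntpath.basename(ev["ImageLoaded"]).lower()
        dll_dir = _folder(ev["ImageLoaded"])
        if dll_name not in SYSTEM_DLL_NAMES or dll_dir in SYSTEM_DIRS:
            continue  # not a watched DLL, or loaded from where it belongs
        findings.append({
            "exe": ev["Image"],
            "dll": ev["ImageLoaded"],
            # True when the DLL sits beside the executable, as in the ISO.
            "same_folder": dll_dir == _folder(ev["Image"]),
            "dll_signed": ev.get("Signed", "").lower() == "true",
        })
    return findings


if __name__ == "__main__":
    for finding in find_sideloads(SAMPLE_EVENTS):
        print(finding)
```

The check keys on the DLL's location rather than on the executable, because the executable in this attack is a genuine, signed Microsoft binary.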
Via: Bleeping Computer