You’ll never guess what hackers are using Microsoft Calculator for

Hackers have found an unusual and unconventional method to infect PCs with malware: distributing dangerous code with Windows Calculator.

The individuals behind the well-known QBot malware have managed to find a way to use the program to side-load malicious code on infected systems.

As reported by Bleeping Computer, Dynamic Link Library (DLL) side-loading is when a legitimate DLL is spoofed and the fake copy is placed in a folder so that the machine’s operating system is tricked into loading the doctored version instead of the real DLL file.

QBot, a strain of Windows malware, was initially known as a banking trojan. However, ransomware gangs now rely on it due to its evolution into a malware distribution platform.

QBot has been utilizing the Windows 7 Calculator program in particular to execute DLL side-loading attacks, according to security researcher ProxyLife. These attacks have been infecting PCs since at least July 11, and it’s also an effective method for carrying out malicious spam (malspam) campaigns.

The emails carry the malware as an HTML file attachment, which includes a ZIP archive that comes with an ISO file. The ISO contains a .LNK file, a copy of ‘calc.exe’ (Windows Calculator), and two DLL files: WindowsCodecs.dll and a malicious payload (7533.dll).

Opening the ISO file eventually leads to a shortcut being executed; the properties dialog for the file shows that it is linked to the Windows Calculator app. Once that shortcut has been opened, the system is infected with QBot malware through Command Prompt.

Because Windows Calculator is a trusted program, tricking the system into distributing a payload through the app means security software could fail to detect the malware itself, which makes this an extremely effective, and creative, way to avoid detection.
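Defenders can look for this pattern in image-load telemetry: a copy of calc.exe running from outside the Windows system folders and loading WindowsCodecs.dll from its own directory. The sketch below is an added example, not code from the original report; the event field names follow Sysmon's image-load event (Event ID 7), and the system paths and sample events are constructed assumptions.

```python
import ntpath

# Assumed locations where Windows keeps its own binaries and DLLs.
SYSTEM_DIRS = {r"c:\windows\system32", r"c:\windows\syswow64"}
# Names taken from the article: the trusted host binary and the DLL beside it.
WATCHED_HOSTS = {"calc.exe"}
WATCHED_DLLS = {"windowscodecs.dll"}


def _split(path):
    """Return (directory, filename), lower-cased, using Windows path rules."""
    directory, name = ntpath.split(ntpath.normpath(path).lower())
    return directory, name


def find_sideloads(events):
    """Flag image-load events where a watched system binary runs outside the
    system directories and loads a watched DLL from its own folder."""
    hits = []
    for ev in events:
        proc_dir, proc_name = _split(ev["Image"])
        dll_dir, dll_name = _split(ev["ImageLoaded"])
        if proc_name not in WATCHED_HOSTS or dll_name not in WATCHED_DLLS:
            continue
        if proc_dir in SYSTEM_DIRS:
            continue  # genuine calc.exe in its normal location
        if dll_dir == proc_dir:
            hits.append(ev)
    return hits


# Constructed sample events (field names follow Sysmon Event ID 7, ImageLoad).
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\WindowsCodecs.dll"},
    {"Image": r"E:\calc.exe", "ImageLoaded": r"E:\WindowsCodecs.dll"},
    {"Image": r"E:\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\kernel32.dll"},
    {"Image": r"C:\Users\a\Downloads\CALC.EXE",
     "ImageLoaded": r"C:\Users\a\Downloads\windowscodecs.dll"},
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("possible side-load:", hit["Image"], "->", hit["ImageLoaded"])
```

The check keys on location rather than on file hashes, so it still fires when the payload DLL is rebuilt; extending the two watch lists covers other trusted binaries abused the same way.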

That said, hackers can no longer use the DLL sideloading technique on Windows 10 or Windows 11, so anyone with Windows 7 should be wary of any suspicious emails and ISO files.

Windows Calculator is not a program that threat actors commonly use to infiltrate targets, but when it comes to the current state of hacking and its advancement, nothing seems to be beyond the realm of possibility. The first appearance of QBot itself occurred more than a decade ago, and it has previously been used for ransomware purposes.

Elsewhere, we’ve been seeing an aggressive rate of activity in the malware and hacking space throughout 2022, such as the largest HTTPS DDoS attack in history. Ransomware gangs themselves are also evolving, so it’s not a surprise they’re continuously finding loopholes to benefit from.

With the alarming rise in cybercrime in general, technology giant Microsoft has even launched a cybersecurity initiative, with the “security landscape [becoming] increasingly challenging and complex for our customers.”
