WINDOWS CALCULATOR UNDER ATTACK || A LOOK AT HOW HACKERS INFECT OUR PC WITH MALWARE THROUGH APPS. ||

in Steem Ghana, 2 years ago (edited)



Every second, every hour, every day and every year, PCs are becoming more advanced, with tools, privacy measures and security features that help prevent malware from attacking the machine.

Just as the makers of these machines are doing their very best to prevent malware from attacking them, hackers are doing their very best to attack them with that malware. As a result, hackers have found a new way of attacking PCs: through the Windows Calculator.

The malware group known as Qakbot has discovered a way to distribute its malicious code to the systems it wants to infect. Research reported by BleepingComputer found that the hackers are using the Windows Calculator as a means to side-load the malicious code into the system they want to affect. One of the techniques that makes this work is DLL side-loading, which is among the common side-loading methods.




A look at how the malware attacks the PC


As I mentioned, DLL side-loading takes advantage of Dynamic Link Libraries (DLLs) and the way Windows handles them. The attackers mimic a legitimate DLL and place their copy in a folder from which the operating system then loads it as if it were the real one.

Qakbot was initially known as a banking trojan, but over the past few years it has developed into malware actively used by ransomware gangs around the world, according to reports on Qakbot. Research has shown that, most of the time, the attackers use the well-known Calculator app from Windows 7 to perform the side-loading, which is a crucial step.

It has also been reported that since July 11th of last month the malware has been causing damage to people's PCs, most importantly the loss of their documents. It has also been confirmed that it has been used in malicious spam campaigns.

Other reports suggest that the malware is being spread through emails. The email comes with an HTML file attachment that carries an encrypted ZIP archive, and because the ZIP file is encrypted, it is very difficult for antivirus software to identify it as malware and raise the alarm. This ZIP contains an ISO file containing a link (shortcut) file and a copy of 'calculator.exe', which is the executable file for the Windows Calculator. In this same ZIP file are the DLL files WindowsCodecs.dll and 7533.dll, Dynamic Link Libraries that make up the malicious payload.

As soon as an individual receives this file and mounts it, the shortcut is what gets executed, and it takes over the Windows Calculator app. This is when Qbot comes in to infiltrate the Windows Calculator using the command prompt. While hidden inside the Calculator app, it carries out its functions in a way that makes it difficult to detect, even when antivirus software is installed.

Individuals should be aware that this malware is ineffective on current Windows 10 and 11 systems. The attackers have tried several times but cannot use the DLL side-loading technique on the present versions of Windows 10 and 11. However, individuals using any other version of Windows should be very much aware that they are prone to this malware, which can cause great harm.
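
The file layout described above can be looked for on disk. The following Python code is an added example, not part of the original post: it walks a directory and reports any folder where a Calculator executable sits outside the Windows system directories with DLL files beside it. The watched executable names, the trusted directories, the shortcut name Report.lnk and the sample tree are assumptions constructed for illustration.

```python
import os
import tempfile

# Assumption: executable names to watch. "calculator.exe" is the name used in
# the article; "calc.exe" is the Calculator binary name on Windows.
WATCHED_EXES = {"calculator.exe", "calc.exe"}
# Assumption: directories where a genuine copy is expected to live.
TRUSTED_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64")


def find_sideload_candidates(root, watched=WATCHED_EXES, trusted=TRUSTED_DIRS):
    """Return one finding per folder under `root` that holds a watched
    executable outside the trusted directories with DLLs beside it."""
    findings = []
    for folder, _dirs, files in os.walk(root):
        if os.path.normcase(os.path.abspath(folder)).lower().startswith(trusted):
            continue  # genuine location, DLLs next to it are expected
        lower = {f.lower(): f for f in files}
        exes = sorted(lower[n] for n in lower if n in watched)
        dlls = sorted(f for f in files if f.lower().endswith(".dll"))
        lnks = sorted(f for f in files if f.lower().endswith(".lnk"))
        if exes and dlls:
            findings.append({"folder": folder, "exe": exes,
                             "dlls": dlls, "shortcuts": lnks})
    return findings


def build_sample_tree(base):
    """Constructed sample data: empty files laid out like the mounted image
    the article describes, plus a harmless folder for contrast."""
    layout = {
        "mounted_iso": ["Report.lnk", "calculator.exe",
                        "WindowsCodecs.dll", "7533.dll"],
        "documents": ["notes.txt", "helper.dll"],
    }
    for folder, names in layout.items():
        os.makedirs(os.path.join(base, folder))
        for name in names:
            open(os.path.join(base, folder, name), "wb").close()
    return base


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for hit in find_sideload_candidates(build_sample_tree(tmp)):
            print(hit["folder"], hit["exe"], hit["dlls"], hit["shortcuts"])
```

A hit is a triage lead rather than a verdict: the next check is whether the DLLs in that folder are ones the executable would load from its own directory.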




Conclusion


This is one of the major reasons why it is advisable to update to the newer version of Windows and of any other applications you are using. Older versions of applications, Windows and other operating systems are easily affected by malware and viruses. Let's check and ensure we are safe.

 2 years ago 

I've learned what you taught me on how to download a video from Facebook. In fact it did some good. Thank you for sharing with us. I encourage you to keep writing in the community. Steem on friend.

😄🇬🇭🎉🎉

 2 years ago 

I am glad you could apply it. Thanks for passing by.

Technology is something which has come out to help all of us. At times the apps we think have been made to help us are the ones that are easily accessible by bad people who are looking to access our information. This is useful information.

Criteria | Remark
Club status | Club 100
Steemexclusive
Free of plagiarism
Bot free

Thank you for posting in the steem Ghana community.

 2 years ago 

I am glad you liked it

Friend, you should not use 2 tags like #learnwithsteem and #fintech; I invite you to remove one of the two. I think you should keep #fintech because the topic is related to this tag.

Regards

@pelon53

 2 years ago 

Thanks

Keep sharing with us. We do encourage that you continuously power up always and share your diary games with us. Steem on!

😄🇬🇭🎉🎉

 2 years ago 

👍❤️👍

Your post has been successfully curated by our team via @pelon53 at 30%. Thank you for your committed efforts, we invite you to do more and keep posting high quality posts for a chance to win valuable upvotes from our team of curators and why not be selected for an additional upvote later this week in the Top Seven.


Note : You must enter the tag #fintech for your post to be reviewed.
