Windows Calculator Used to Phish Victims

A Windows calculator has been used to phish victims, according to a report from security firm Proofpoint. The calculator, which is available for download from the Microsoft website, is used to generate fake login credentials and other sensitive information. The calculator was discovered by Proofpoint after it was used in a phishing attack against a company in the United States. The attack involved emails that appeared to be from the company’s employees and asked recipients to input their login credentials into the calculator. If the victim entered their login information, they were then taken to a fake website that looked exactly like the real site. The Windows calculator is not the only tool that attackers have used in recent years to phish victims. In 2016, researchers at Symantec found that hackers were using malicious PDF files to trick users into entering their login credentials into fake websites.


Security researcher ‘ProxyLife’ discovered some malware and phishing attacks are now using the Calculator application from Windows 7 to break into modern Windows PCs, as reported by Bleeping Computer. The attack starts by tricking someone into downloading an ISO disc image disguised as a PDF or other file, which contains a shortcut that opens an included copy of the Calculator application.

So, why use an outdated version of Calculator to break into systems? Well, the Windows 7 Calculator will use Dynamic Link Libraries (DLLs) in the same folder if they are present, instead of always using the libraries in the Windows system folder. Opening the Calculator doesn’t set off any alarm bells in Windows, likely because it’s signed by Microsoft, but it can still load an infected “WindowsCodecs.dll” library bundled with Calculator. Newer versions of the Calculator app included in Windows aren’t vulnerable to this kind of DLL swap, which is why an older version is included in the package.
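An added detection example, not taken from the article or the Bleeping Computer report: it flags image-load events in which a DLL with a system name is loaded from the same non-system folder as the program that loaded it, which is the behaviour described above. The `Image` and `ImageLoaded` field names follow Sysmon's image-load event (Event ID 7); the directory list, the DLL name set and all sample events are assumptions constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# DLL names expected to load from a Windows system directory. Only
# WindowsCodecs.dll comes from the article; the set is meant to be extended.
SYSTEM_DLL_NAMES = {"windowscodecs.dll"}

# Assumed default locations of genuine system DLLs.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")


def _norm(path):
    """Lower-case the path and normalise separators for comparison."""
    return ntpath.normcase(ntpath.normpath(path))


def in_system_dir(path):
    p = _norm(path)
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)


def is_sideload(event):
    """True when a system-named DLL is loaded from the host executable's own
    folder and that folder is not a Windows system directory."""
    image, loaded = _norm(event["Image"]), _norm(event["ImageLoaded"])
    if ntpath.basename(loaded) not in SYSTEM_DLL_NAMES:
        return False
    if in_system_dir(loaded):
        return False
    return ntpath.dirname(loaded) == ntpath.dirname(image)


def find_sideloads(events):
    return [e for e in events if is_sideload(e)]


# Constructed sample events, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\System32\calc.exe",
     "ImageLoaded": r"C:\Windows\System32\WindowsCodecs.dll"},
    {"Image": r"E:\calc.exe",                      # copy run from a mounted ISO
     "ImageLoaded": r"E:\WindowsCodecs.dll"},      # DLL sitting beside it
    {"Image": r"C:\Program Files\App\app.exe",     # ordinary app-local DLL
     "ImageLoaded": r"C:\Program Files\App\helper.dll"},
    {"Image": r"D:\tools\calc.exe",                # copy that still loads the real DLL
     "ImageLoaded": r"C:\Windows\System32\WindowsCodecs.dll"},
]

if __name__ == "__main__":
    for hit in find_sideloads(SAMPLE_EVENTS):
        print("possible DLL side-load:", hit["Image"], "->", hit["ImageLoaded"])
```

Only the second sample event is reported: the genuine System32 load, the ordinary application DLL and the copied Calculator that still resolves the real library all pass.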

It’s not clear yet if Microsoft has updated Defender to properly recognize this type of attack, but if you don’t download files from strange websites (or email attachments from people you don’t know), you probably don’t have to worry about it.

Via: Bleeping Computer