Tag Archive for: Arsenal

The latest tool in the hacker arsenal: Microsoft Calculator


Hackers have found an unusual and unconventional method to infect PCs with malware: distributing dangerous code with Windows Calculator.

The individuals behind the well-known QBot malware have managed to find a way to use the program to side-load malicious code on infected systems.

As reported by Bleeping Computer, Dynamic Link Library (DLL) side-loading is when a malicious DLL is given the name of a legitimate one and placed in a folder from which the operating system will load the doctored copy instead of the real DLL.

QBot, a strain of Windows malware, was initially known as a banking trojan. However, ransomware gangs now rely on it due to its evolution into a malware distribution platform.

QBot has been utilizing the Windows 7 Calculator program in particular to execute DLL side-loading attacks, according to security researcher ProxyLife. These attacks have been infecting PCs since at least July 11, and it’s also an effective method for carrying out malicious spam (malspam) campaigns.

The malspam emails carry an HTML file attachment that contains a ZIP archive; the archive holds an ISO file, which in turn contains a .LNK shortcut, a copy of ‘calc.exe’ (Windows Calculator), and two DLL files: WindowsCodecs.dll and the malicious payload, 7533.dll.

Opening the ISO file presents the shortcut, which the file’s properties dialog shows is linked to Windows’ Calculator app. Once that shortcut is opened, the infection chain runs through Command Prompt and installs QBot on the system.
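The layout described above (a trusted executable copied out of its normal location, sitting beside a DLL it would normally resolve from System32) is something a defender can look for in mounted ISOs or extracted attachments. The following is an added example written for this page, not code from the article or from any vendor it cites. It hard-codes only the names the article reports (calc.exe and WindowsCodecs.dll), builds a constructed sample tree for the demo (the shortcut name Invoice.lnk is made up), and flags any directory holding both a host binary and a system DLL name.

```python
"""Heuristic scan for the DLL side-loading layout described in the article.

Added example for this page, not the article's or any vendor's code. It
walks a directory tree (for instance a mounted ISO or an unpacked mail
attachment) and reports directories that contain a copy of a trusted host
executable next to a DLL that normally lives in %SystemRoot%\\System32.
"""
import os
import tempfile

# Trusted executables commonly abused as side-loading hosts. Only the one
# named in the article is listed; extend the set for your own estate.
HOST_BINARIES = {"calc.exe"}

# DLLs the host normally resolves from System32. A same-named copy found in
# the host's own directory is the side-loading indicator.
SYSTEM_DLLS = {"windowscodecs.dll"}


def find_sideload_candidates(root):
    """Return one finding per directory under *root* that holds a host binary
    together with at least one DLL name from SYSTEM_DLLS.

    Filename comparisons are case-insensitive, matching NTFS and ISO
    behaviour. Each finding also lists other DLLs and .lnk files in the same
    directory, since the article's sample shipped a payload DLL and a shortcut
    alongside the spoofed system DLL.
    """
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        lower = {f.lower(): f for f in files}
        hosts = sorted(h for h in HOST_BINARIES if h in lower)
        if not hosts:
            continue
        system_dlls = sorted(lower[d] for d in SYSTEM_DLLS if d in lower)
        if not system_dlls:
            continue
        other_dlls = sorted(
            f for k, f in lower.items() if k.endswith(".dll") and k not in SYSTEM_DLLS
        )
        shortcuts = sorted(f for k, f in lower.items() if k.endswith(".lnk"))
        findings.append(
            {
                "dir": dirpath,
                "hosts": hosts,
                "system_dlls": system_dlls,
                "other_dlls": other_dlls,
                "shortcuts": shortcuts,
            }
        )
    return findings


def build_sample_tree():
    """Construct a temp tree with the attachment layout the article describes
    (file names from the article; Invoice.lnk is a made-up shortcut name) plus
    a benign directory that merely contains a DLL, to show the check
    discriminates between the two."""
    root = tempfile.mkdtemp(prefix="sideload_demo_")
    suspicious = os.path.join(root, "mounted_iso")
    os.makedirs(suspicious)
    for name in ("calc.exe", "WindowsCodecs.dll", "7533.dll", "Invoice.lnk"):
        open(os.path.join(suspicious, name), "wb").close()
    benign = os.path.join(root, "some_app")
    os.makedirs(benign)
    for name in ("app.exe", "helper.dll"):
        open(os.path.join(benign, name), "wb").close()
    return root


def demo():
    """Build the constructed tree and scan it; returns the findings list."""
    return find_sideload_candidates(build_sample_tree())


if __name__ == "__main__":
    for f in demo():
        print(
            f"suspicious: {f['dir']} host={f['hosts']} "
            f"system_dll={f['system_dlls']} extra={f['other_dlls']} lnk={f['shortcuts']}"
        )
```

The check is deliberately a layout heuristic: it does not inspect PE headers or signatures, so a real deployment would pair it with a signature check on the host binary and an allow-list of the directories (such as the Windows system folders) where these files legitimately coexist.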

Because Windows Calculator is a trusted program, loading the payload through it means security software may fail to flag the malware, making this an effective and creative way to evade detection.

That said, the Calculator-based DLL side-loading technique no longer works on Windows 10 or Windows 11, so anyone still on Windows 7 in particular should be wary of suspicious emails and ISO files.

Windows Calculator is not a program commonly used by threat actors to infiltrate targets with, but when it comes to the current state of hacking and its advancement,…

Source…

Putin’s asymmetric arsenal presages more hacking attacks


But less than a month later, hackers from Russian military intelligence were breaching the computers of the U.S. Republican National Committee, Bloomberg News reported Tuesday.

The Kremlin denied involvement in the latest attack, as it has in all previous ones, but that did nothing to relieve the pressure on Biden from critics of his efforts to repair relations with Russia.

For Moscow, cyber weapons are just one of the tools used in the increasingly fierce standoff with the U.S., and warm words at a presidential summit aren’t enough to change that, according to former officials and analysts.

Just last week, Putin signed off on a new National Security Strategy that called for the use of such “asymmetric” tactics in response to “unfriendly actions” of other nations. A Russian law passed earlier this year formally categorizes the U.S. as unfriendly.

“Hacker attacks are the simplest tool for Moscow to deploy,” said Gleb Pavlovsky, who worked as a Kremlin political adviser during Putin’s first decade in power until 2011. While sophisticated operations to breach computer security take time to prepare “they could have been ready, just waiting for the go-ahead at the right time,” he said.

Russia’s U.S. Ambassador Anatoly Antonov said Wednesday that Moscow wasn’t involved in hacks against U.S. infrastructure and that cybersecurity issues are likely to be a topic of discussion when U.S. and Russian officials meet as soon as next week for another round of dialogue.

“Don’t forget there is a lot of mistrust between the United States and Russia, there are a lot of problems,” Antonov said on Bloomberg Television’s “Balance of Power” with David Westin. “We are in close contact with various agencies of the United States.”

There is “ongoing high-level engagement from our national security officials with the Russian government” about cyber attacks, White House Press Secretary Jen Psaki told reporters Wednesday.

Source…

Cybereason Uncovers New Malware Arsenal Abusing Facebook and Dropbox in Middle East Espionage Campaign – Yahoo Finance

Source…