Tech Tip: How to Avoid Vulnerabilities in Your Phone’s Calculator

Sometimes security breaches and hacking attacks come from the most unlikely of sources, even going so far as to utilize trusted applications to infect an endpoint or network. This is the case with a new phishing attack which uses the Calculator application that comes built-in with Windows in a very creative way, just one example of how hackers have been forced to innovate to combat the increasingly secure systems which businesses and users rely on today. And, it should be a testament as to why you can never be too careful.

What’s the Threat?

A security researcher who goes by ProxyLife on Twitter has reportedly discovered there are several strains of malware and phishing attacks utilizing an outdated version of Microsoft’s Calculator application to find their way onto your network and launch their attacks — specifically the Windows 7 version of Calculator. The way it works is that a cybercriminal tricks the user into downloading an ISO disc image which is disguised as a PDF or other similar file. This ISO contains a shortcut to an opened version of the Calculator application.

The Windows 7 Calculator can use what are called Dynamic Link Libraries in the same folder rather than defaulting to Windows’ system default libraries. The Calculator then runs the library, which is infected with malware. Later versions of Calculator do not have this capability, hence why an older version is necessary. Since Windows thinks that Calculator is a legitimate application, opening it in this way doesn’t set off any red flags within the system.

Should You be Worried?

At the end of the day, this is largely an obscure threat that sees hackers using the tools at their disposal in creative and different ways. It’s not yet known if Microsoft has issued an update to Defender to put a stop to these types of attacks, but the long and short of it is that you probably won’t encounter this specific threat, as long as you’re using proper security practices while browsing the Internet or checking your email.

Still, the idea that threats can use trusted and known applications in this way can make things a bit of a hassle for your IT team. These types of attacks might bypass the defenses built into your operating systems, but they can be caught if you’re proactively monitoring your infrastructure for abnormalities. These abnormalities can then be contained, isolated, and eliminated. Of course, the problem here is that you likely wouldn’t find this type of threat if you weren’t actively looking for it.

Proactively Monitor Your Network

We know that it can be a challenge to keep your network safe. That’s why we make it easy with our remote monitoring services. Combined with comprehensive security solutions like a firewall, antivirus, spam blocker, and content filter, you’ll find that your network has never been safer.

To learn more, contact us today at (703) 821-8200.

Alan Edwards, CISM, is chief information officer at Computerware, Inc., in Vienna, Virginia.


Leave a Reply

Your email address will not be published. Required fields are marked *