QBot phishing uses Windows Calculator sideloading to infect devices


To side-load the malicious payload onto affected machines, the QBot malware’s creators have been utilising the Windows Calculator.

The way Windows handles Dynamic Link Libraries (DLLs) is exploited by the common attack technique known as DLL side-loading. It entails altering a valid DLL to look like a fake version and putting it in a folder where the operating system loads it rather than the real version. Read More…