QBot malware uses Windows Calculator to side-load attacks

Security researchers have discovered that QBot malware is now using the legitimate Windows Calculator app for DLL side-loading attacks. The method continues to be used in current malspam campaigns.

QBot is a Windows-targeting piece of malware that first started as a banking trojan in 2007, but has since evolved into a malware dropper that's often used by ransomware gangs. Some of the ransomware families that QBot is known to deliver include RansomExx, Maze, ProLock, Egregor and Black Basta. By installing QBot through a trusted program like the Windows Calculator, threat actors can evade detection from many traditional cybersecurity solutions.

The Advanced Email Security pack for Acronis Cyber Protect Cloud detects emails with malicious attachments or URLs and filters them automatically, preventing these threats from ever reaching users' inboxes.