Microsoft Help Files Disguise Vidar Malware (Security News, March 2022)
The trick in this campaign is that it hides the malware behind a Microsoft Compiled HTML Help (.chm) file, Microsoft's proprietary format for help documentation authored in HTML and rendered by the built-in HTML Help viewer (hh.exe). In other words, it is the kind of file you almost never look at or even think about.
The CHM is one layer of a nested attack chain built around obfuscation.
As the report notes, attackers have learned to repurpose ISO disk images as malware containers: Windows mounts an ISO as a drive letter on double-click, and at the time of this campaign files inside a mounted image did not carry the Mark-of-the-Web, so the usual SmartScreen and Office Protected View warnings never appeared.
The ISO contains a .CHM file named "Pss10r.chm." Towards the end of the file's code is a snippet of HTML Application (HTA) code containing JavaScript that, when the help file is opened in hh.exe, covertly launches a second file, "App.exe." That executable is the Vidar information stealer.
Once the job is done, the malware covers its tracks by deleting all the files it's created.
This nested approach and the use of unassuming Help files are all in the name of obfuscation, of course.
News URL
https://threatpost.com/microsoft-help-files-vidar-malware/179078/