Microsoft Windows Vidar Malware Attack uses legitimate CHM file


A new malware attack is underway against Windows systems, according to cybersecurity company Trustwave. The company’s SpiderLabs team claims that the malware campaign, which is called Vidar, mimics Microsoft support/help files to trick unsuspecting users.

Targets who interact with the files could have their data stolen, including personal information. The threat actors abuse Microsoft Compiled HTML Help (CHM) files. Although Microsoft no longer uses this format widely, CHM files are still present on Windows systems to provide platform help documentation.

Vidar is malware that is delivered alongside CHM files. The attackers send the package via email, so there is also a phishing component to this threat. The ISO image sent by email is disguised as a “request.doc” file. This is designed to look like a real Microsoft document, so unsuspecting users may fall for it.


ISO request.doc contains malicious files:

  • A corrupted Microsoft CHM that SpiderLabs calls “pss10r.chm”.
  • An executable called “app.exe”.


If a Windows user extracts and opens the files, the system is infected. It should be noted that the pss10r.chm CHM is itself a legitimate Microsoft file. However, coupled with the Vidar exe file, it becomes malicious.

“Vidar creates its own folder in C:\ProgramData. The data it collected from the infected system is saved in C:\ProgramData\files. Then it is archived in C:\ProgramData as a .zip and sent to C&C.”

The CHM allows the Vidar exe to execute and deliver its payloads. SpiderLabs breaks down the details of the attack in its official report. Once on a machine, Vidar steals information about browsing activity and other Windows services.
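The behaviour described above (a CHM bundled with an executable, the CHM viewer launching that executable, and stolen data staged under C:\ProgramData and archived as a .zip) can be turned into simple triage rules. The following is an added example written for this page; it is not code from Trustwave, SpiderLabs or the article. It assumes that hh.exe is the process that opens CHM files on Windows, and the log line layout, the event IDs, and every path and file name in the sample events are constructed for the example.

```python
"""Triage helpers for the Vidar CHM/EXE delivery chain described above.

Added example, not the article's or Trustwave's code. Assumptions:
  - hh.exe is the Windows HTML Help viewer that opens a CHM.
  - Log lines use a constructed, simplified Sysmon-like layout:
        EventID|Image|ParentImage|TargetFilename
    where EventID 1 is process creation and 11 is file creation.
"""
import ntpath
from dataclasses import dataclass

PROGRAMDATA = r"C:\ProgramData"
CHM_VIEWER = "hh.exe"   # assumption: process that renders CHM files


@dataclass
class Alert:
    rule: str
    evidence: str


# Constructed sample events (file names and paths are invented).
SAMPLE_EVENTS = [
    "1|C:\\Windows\\hh.exe|C:\\Windows\\explorer.exe|",
    "1|C:\\Users\\alice\\Downloads\\request\\app.exe|C:\\Windows\\hh.exe|",
    "11|C:\\Users\\alice\\Downloads\\request\\app.exe||C:\\ProgramData\\files\\browsers.txt",
    "11|C:\\Users\\alice\\Downloads\\request\\app.exe||C:\\ProgramData\\stolen.zip",
    "1|C:\\Windows\\System32\\notepad.exe|C:\\Windows\\explorer.exe|",
    "11|C:\\Program Files\\Installer\\setup.exe||C:\\ProgramData\\Installer\\cache.zip",
]


def chm_bundled_with_exe(names):
    """True when an attachment listing (e.g. the contents of a mounted ISO)
    carries both a .chm and an .exe, the pairing the article describes."""
    exts = {ntpath.splitext(n)[1].lower() for n in names}
    return ".chm" in exts and ".exe" in exts


def parse_event(line):
    event_id, image, parent, target = line.split("|", 3)
    return {"id": int(event_id), "image": image, "parent": parent, "target": target}


def rule_chm_viewer_spawned_exe(ev):
    """Process creation where the CHM viewer is the parent of an executable."""
    if ev["id"] != 1:
        return None
    if ntpath.basename(ev["parent"]).lower() != CHM_VIEWER:
        return None
    if not ev["image"].lower().endswith(".exe"):
        return None
    return Alert("chm-viewer-spawned-exe", f"{ev['parent']} -> {ev['image']}")


def rule_zip_in_programdata_root(ev):
    """File creation of a .zip directly in C:\\ProgramData (not a subfolder),
    matching the staging-and-archive step quoted above. Subfolders are
    ignored on purpose to keep installer caches from producing noise."""
    if ev["id"] != 11:
        return None
    head, tail = ntpath.split(ev["target"])
    if head.lower().rstrip("\\") != PROGRAMDATA.lower():
        return None
    if not tail.lower().endswith(".zip"):
        return None
    return Alert("zip-staged-in-programdata-root", ev["target"])


RULES = (rule_chm_viewer_spawned_exe, rule_zip_in_programdata_root)


def triage(lines):
    """Run every rule over every event and collect the alerts."""
    alerts = []
    for line in lines:
        ev = parse_event(line)
        for rule in RULES:
            alert = rule(ev)
            if alert is not None:
                alerts.append(alert)
    return alerts


if __name__ == "__main__":
    print("ISO pairs CHM with EXE:", chm_bundled_with_exe(["pss10r.chm", "app.exe"]))
    for alert in triage(SAMPLE_EVENTS):
        print(f"[{alert.rule}] {alert.evidence}")
```

Running the script on the constructed events raises two alerts: the help viewer spawning app.exe and a .zip being written directly under C:\ProgramData. The write to C:\ProgramData\files\browsers.txt is not alerted on its own, because ordinary software also writes under ProgramData; the archive step is the more distinctive signal in the quoted description.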


