"Microsoft Help Files Disguise Vidar Malware"

Trustwave SpiderLabs released a report detailing a new phishing campaign that plants the Vidar information-stealing malware on victim machines. The campaign hides its malware behind a Microsoft Compiled HTML Help (.CHM) file, Microsoft's proprietary format for help documentation built from HTML pages, a file type the attackers count on recipients not to scrutinize. Vidar is described as a jack-of-all-trades information stealer derived from the Arkei malware family. It has been observed stealing documents, cookies, browser histories, funds from cryptocurrency wallets, data from two-factor authentication software, text messages, and more. According to the researchers, the package also sends operators Telegram notifications when new logs of stolen data arrive. Operators can customize the stealer through profiles that specify which types of data to collect. This article continues to discuss the capabilities, distribution, and obfuscation of Vidar malware through Microsoft help files.
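Because the lure here is the file format itself, a mail gateway or triage script should recognize CHM content by its on-disk signature rather than by the .chm extension. The Python below is an added example for this page, not code from the Trustwave or Threatpost reports: it parses the fixed fields of the ITSF header that begins every CHM file and classifies an attachment as CHM, as CHM bytes hiding behind a different extension, or as something else. It goes slightly beyond the article in checking content regardless of file name. The header bytes it scans are constructed in the block, and the attachment names are hypothetical.

```python
"""
Identify Microsoft Compiled HTML Help (CHM) files by content, not by name,
and pull the fixed fields out of the ITSF header that starts every CHM.

Added example for this page; not Trustwave or Threatpost code.  The sample
attachments below are constructed here, no real CHM or Vidar sample is used.
Layout follows the public ITSF header notes: 'ITSF' magic, five DWORDs,
two GUIDs, a two-entry section table, and (version 3) a content offset.
"""
import os
import struct
import uuid
from typing import Optional

ITSF_MAGIC = b"ITSF"
# GUID pair present in every ITSF header (from the public CHM format notes)
ITSF_GUID_0 = uuid.UUID("7C01FD10-7BAA-11D0-9E0C-00A0C922E6EC")
ITSF_GUID_1 = uuid.UUID("7C01FD11-7BAA-11D0-9E0C-00A0C922E6EC")


def parse_itsf_header(data: bytes) -> Optional[dict]:
    """Return the fixed ITSF header fields, or None if data is not a CHM.

    Offsets: 0x04 version, 0x08 total header length, 0x0C unknown (1),
    0x10 timestamp, 0x14 Windows language ID, 0x18/0x28 GUIDs,
    0x38 section table (offset,len pairs), 0x58 content offset (v3 only).
    """
    if len(data) < 0x58 or data[:4] != ITSF_MAGIC:
        return None
    version, header_len, _unknown, timestamp, lang_id = struct.unpack_from("<5I", data, 4)
    guid0 = uuid.UUID(bytes_le=data[0x18:0x28])   # GUIDs are stored in Windows (LE) layout
    guid1 = uuid.UUID(bytes_le=data[0x28:0x38])
    sec0_off, sec0_len, sec1_off, sec1_len = struct.unpack_from("<4Q", data, 0x38)
    content_offset = None
    if version >= 3 and len(data) >= 0x60:
        (content_offset,) = struct.unpack_from("<Q", data, 0x58)
    return {
        "version": version,
        "header_len": header_len,
        "timestamp": timestamp,
        "lang_id": lang_id,
        "guids_match": guid0 == ITSF_GUID_0 and guid1 == ITSF_GUID_1,
        "sections": [(sec0_off, sec0_len), (sec1_off, sec1_len)],
        "content_offset": content_offset,
    }


def classify_attachment(name: str, data: bytes) -> str:
    """Classify by content: 'chm', 'chm-disguised-extension', or 'not-chm'."""
    header = parse_itsf_header(data)
    if header is None:
        return "not-chm"
    ext = os.path.splitext(name)[1].lower()
    return "chm" if ext == ".chm" else "chm-disguised-extension"


def build_sample_chm_header(version: int = 3) -> bytes:
    """Construct a minimal, well-formed ITSF header for the demo (no content)."""
    header_len = 0x60 if version >= 3 else 0x58
    hdr = ITSF_MAGIC
    hdr += struct.pack("<5I", version, header_len, 1, 0x5A9A1234, 0x0409)  # en-US
    hdr += ITSF_GUID_0.bytes_le + ITSF_GUID_1.bytes_le
    # section 0 right after the header, section 1 after that (constructed sizes)
    hdr += struct.pack("<4Q", header_len, 0x18, header_len + 0x18, 0x1000)
    if version >= 3:
        hdr += struct.pack("<Q", header_len + 0x18 + 0x1000)
    return hdr


# Constructed attachments (hypothetical names) for the demo
SAMPLES = {
    "setup_guide.chm": build_sample_chm_header(),
    "invoice.pdf": build_sample_chm_header(),          # CHM bytes behind a .pdf name
    "readme.txt": b"This is plain text, not a CHM file.\n",
}


def scan(samples: dict) -> dict:
    """Map each attachment name to its classification."""
    return {name: classify_attachment(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, verdict in scan(SAMPLES).items():
        print(f"{name:20s} {verdict}")
```

The ITSF signature alone is enough to quarantine or flag; the remaining fields are parsed so a triage tool can log the language ID and timestamp and reject headers whose GUIDs or section offsets do not look like a real CHM.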

Threatpost reports "Microsoft Help Files Disguise Vidar Malware"
