Be careful! This dangerous Windows malware is hiding in Microsoft’s help files


Trustwave security experts have just sounded the alarm: a new wave of distribution of Vidar, a well-known and particularly harmful piece of malware, is under way.

However, instead of hiding in a plain executable file, this time the malware is hiding in a Microsoft compiled HTML help (CHM) file.

The malware spreads via classic spam that lands in your mailbox. The message carries an attachment, which the sender encourages you to open with these words: “This information is important to you. Please see the attachment to this email.” The attachment is where the malware lives.

To better hide from its victims, the malware arrives in a file called “REQUEST.DOC”. Don’t be fooled by the extension: it is actually an .ISO disk image. Inside is a compiled HTML help file in CHM format, typically called “PSS10R.CHM”. Also inside the ISO is an executable file named “APP.EXE”.

Once the CHM file or the executable is opened, a small piece of JavaScript runs and Vidar gets to work. It creates its own folder in C:\ProgramData and sends the data it collects to its server. If needed, it can also download another executable, which is likewise malicious. Once done, the malware erases its traces in the ProgramData folder and deletes the DLLs it created for the occasion.
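The disguise described above (a file named REQUEST.DOC that is really an ISO image, with a CHM and an EXE inside) can be caught by comparing an attachment’s extension with its magic bytes. The script below is an added example written for this article, not code from Trustwave or from the malware; the sample files are constructed in memory and contain nothing malicious.

```python
import os
from typing import Optional

SECTOR = 2048  # ISO 9660 logical sector size; file data in an image is sector aligned

# Well-known magic numbers: (offset, signature, type)
SIGNATURES = [
    (0, b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1", "ole-doc"),  # legacy Word .doc (OLE2)
    (0, b"PK\x03\x04", "ooxml"),                           # .docx (zip container)
    (0, b"ITSF", "chm"),                                   # compiled HTML help
    (0, b"MZ", "pe"),                                      # Windows executable
    (0x8001, b"CD001", "iso9660"),                         # ISO primary volume descriptor
]
EXPECTED = {".doc": "ole-doc", ".docx": "ooxml", ".chm": "chm", ".exe": "pe", ".iso": "iso9660"}

def identify(data: bytes, base: int = 0) -> Optional[str]:
    """Return the content type recognised at data[base:], or None."""
    for off, sig, kind in SIGNATURES:
        if data[base + off: base + off + len(sig)] == sig:
            return kind
    return None

def check_attachment(name: str, data: bytes) -> dict:
    """Flag an attachment whose extension promises one format but whose bytes are another."""
    ext = os.path.splitext(name)[1].lower()
    kind = identify(data)
    mismatch = ext in EXPECTED and kind != EXPECTED[ext]
    return {"name": name, "type": kind, "mismatch": mismatch}

def scan_iso_sectors(data: bytes) -> list:
    """List (offset, type) for CHM or PE headers found at sector boundaries of an image."""
    hits = []
    for off in range(0, len(data), SECTOR):
        kind = identify(data, off)
        if kind in ("chm", "pe"):
            hits.append((off, kind))
    return hits

def fake_iso(files) -> bytes:
    """Constructed stand-in for an ISO image: PVD at sector 16, then sector-aligned file blobs."""
    img = bytearray(16 * SECTOR + SECTOR)
    img[0x8000] = 1
    img[0x8001:0x8006] = b"CD001"
    for blob in files:
        img += blob.ljust(SECTOR, b"\0")
    return bytes(img)

# Constructed samples reusing the campaign's file names (contents are not the real malware)
SAMPLES = {
    "REQUEST.DOC": fake_iso([b"ITSF" + b"\0" * 28, b"MZ" + b"\0" * 30]),  # ISO disguised as .DOC
    "report.doc": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1" + b"\0" * 24,       # a genuine legacy .doc
}

def scan_samples() -> dict:
    """Run the checks over SAMPLES; the disguised ISO is reported with its embedded CHM and PE."""
    out = {}
    for name, data in SAMPLES.items():
        result = check_attachment(name, data)
        result["embedded"] = scan_iso_sectors(data) if result["type"] == "iso9660" else []
        out[name] = result
    return out
```

A mail gateway or endpoint check of this kind would quarantine the attachment on the mismatch alone, before any user gets the chance to mount the image.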

Vidar is able to harvest operating system data, but above all user data. It can also steal all payment data (credit card numbers, online payment service accounts, etc.). Worst of all, it can even steal the credentials used to log in to cryptocurrency services.


Vidar first appeared in 2018. The program is believed to be of Russian origin. Why do the security experts who discovered Vidar assume this? The malware immediately stops when it finds itself installed on a device located in Russia, or when the infected computer has a Russian keyboard layout.

As usual, we advise you not to open an attachment from an unknown sender. If you must, first scan the attachment with an antivirus such as Bitdefender, Norton Security, Avast, or Microsoft Defender.

Source: PhonAndroid.


About the Author: Octávio Florencio

"Zombie evangelist. Thinker. Avid creator. Award-winning internet fanatic. Incurable web fanatic."
