According to the latest report, Cybersecurity firm Trustwave’s security team SpiderLabs has warned Windows users to be aware of a new piece of malware called Vidar that disguises itself as a Microsoft support or help file. Therefore, unsuspecting users can easily become victims, and Vidar is a type of malware that can steal the information of exploited victims.
Join tip3x on Telegram
Microsoft Compiled HTML Help (CHM) files, although somewhat uncommon these days, are used to provide various help documents and more. This malicious Vidar CHM malware is distributed via email in ISO containers. This ISO is disguised as a “request.doc” file.
In the request.doc ISO file, there are several malicious files, including Microsoft Compiled HTML Help (CHM) named “pss10r.chm” and an executable named “app.exe”. Once the user is tricked into extracting these files, the user’s system will be compromised. The former “pss10r.chm” is actually usually a legitimate file, but the accompanying exe file is Vidar.
The purpose of the malicious CHM is to run another file, app.exe, which contains the Vidar malware, to successfully deliver the payload. As mentioned above, Vidar is a stealing malware that can steal information and data from other places such as browsers.
