Spyware campaign uses Microsoft Help files to avoid detection


What you need to know

  • Threat actors are hiding Vidar spyware inside Microsoft Compiled HTML Help files.
  • Vidar can be used to steal information from a person's PC.
  • An email campaign claims to have a document that people need to download, but it actually contains the Vidar spyware hidden as a help file.

Threat actors are hiding Vidar spyware inside Microsoft Compiled HTML Help (CHM) files as part of an email spam campaign. Vidar can be used to steal information from a computer, such as user data. The stolen information can be quite valuable, including credit card information and account details. Trustwave's Diana Lopera broke down the attack campaign in a recent post (via ZDNet).

The attack uses an age-old strategy of getting people to download seemingly innocent files that are actually malicious. Threat actors often make malicious files appear to be helpful or important documents, which leads people to bypass security measures, approve downloads, and open many other avenues for attacking a PC.

In this specific campaign, an email is spammed out with a CHM file labeled "request.doc." That file contains an ISO image that has an executable file and a CHM file. If unpacked, the CHM file can run an EXE to spread the Vidar spyware.

Microsoft Compiled HTML Help files are meant to be used to share useful information and documentation. Unsuspecting victims who download the email attachment may assume that they're getting something important rather than spyware.

To protect yourself against this campaign, you should implement the standard protections against email spam, such as making sure you know where an email originates before you download any attachments. It's also a good idea to use the best antivirus software to protect your PC.
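One way to check for the mismatch this campaign relies on, a file labeled like a document whose content is really a disk image, help file, or executable, is to compare the attachment's extension with its leading signature bytes. This is an added example, not code from the article or from Trustwave; the function names, the extension list, and the sample byte strings are assumptions constructed for illustration.

```python
import os

# File signatures (magic bytes). ISO 9660 stores "CD001" one byte into each
# volume descriptor, and descriptors start at sector 16 (offset 0x8000).
ISO9660_OFFSETS = (0x8001, 0x8801, 0x9001)
CHM_MAGIC = b"ITSF"                              # Compiled HTML Help header
PE_MAGIC = b"MZ"                                 # Windows executable
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")    # legacy .doc/.xls container

# Assumed policy: extensions users treat as documents, and content types
# that should never arrive under such a name.
DOCUMENT_EXTS = {".doc", ".docx", ".pdf", ".rtf", ".xls", ".xlsx"}
RISKY_TYPES = {"iso", "chm", "pe"}


def sniff_type(data: bytes) -> str:
    """Classify content by signature, ignoring whatever the file is named."""
    if data.startswith(CHM_MAGIC):
        return "chm"
    if data.startswith(PE_MAGIC):
        return "pe"
    if data.startswith(OLE_MAGIC):
        return "ole"
    if any(data[off:off + 5] == b"CD001" for off in ISO9660_OFFSETS):
        return "iso"
    return "unknown"


def check_attachment(filename: str, data: bytes) -> dict:
    """Flag attachments whose name claims 'document' but whose bytes disagree."""
    ext = os.path.splitext(filename.lower())[1]
    actual = sniff_type(data)
    masquerade = ext in DOCUMENT_EXTS and actual in RISKY_TYPES
    return {
        "name": filename,
        "actual": actual,
        "masquerade": masquerade,
        # Quarantine disguised files and risky types sent under their own name.
        "quarantine": masquerade or actual in RISKY_TYPES,
    }


# Constructed sample inputs (not real malware or real documents).
SAMPLE_ISO = b"\x00" * 0x8000 + b"\x01CD001\x01" + b"\x00" * 64
SAMPLE_DOC = OLE_MAGIC + b"\x00" * 64
SAMPLE_CHM = CHM_MAGIC + b"\x03\x00\x00\x00" + b"\x00" * 64

if __name__ == "__main__":
    for name, blob in [("request.doc", SAMPLE_ISO), ("report.doc", SAMPLE_DOC),
                       ("manual.chm", SAMPLE_CHM)]:
        print(check_attachment(name, blob))
```

Signature checks only catch the outer container, so a gateway would still need to unpack any image it finds and apply the same test to the files inside.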

Sean Endicott
News Writer and apps editor
