Malicious CHM Being Distributed to Korean Universities
The ASEC analysis team discovered that a malicious CHM file targeting certain Korean universities is distributed on a massive scale. The file that is being distributed is the same type as the one discussed in a post uploaded in May. Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application
CHM Malware Types with Anti-Sandbox Technique and Targeting Companies
Among CHM strains that are recently being distributed in Korea, the ASEC analysis team has discovered those applied with the anti-sandbox technique and targeting companies. Both types were introduced in the ASEC blog in March and May. Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application Malicious Help File
AgentTesla Being Distributed Through Windows Help File (*.chm)
The ASEC analysis team recently discovered AgentTesla being distributed with a new method. Previously, AgentTesla discussed in multiple ASEC blog posts was distributed by the malicious VBA macro inside PowerPoint files (*.ppt). However, the new method uses Windows Help files (*.chm) to run powershell commands. AgentTesla Being Distributed via More
Malicious Help File Disguised as Missing Coins Report and Wage Statement (*.chm)
The ASEC analysis team has discovered a continuous distribution of malware disguised as a Windows Help File (*.chm). The most recent CHM file is identical to the file introduced in <APT Attack Being Distributed as Windows Help File (*.chm)> to download the additional malware. It appears that the CHM file
Backdoor (*.chm) Disguised as Document Editing Software and Messenger Application
The ASEC analysis team confirmed that a backdoor malware disguised as document editing software and messenger application used by many Korean users is being distributed in Korea through malicious CHM files. The team recently introduced malicious CHM files distributed in various forms twice in the ASEC blog in March. The
Malicious Help File Disguised as COVID-19 Infectee Notice Being Distributed in Korea
The ASEC analysis team introduced readers to malware that takes the form of a Windows help file (*.chm) about two weeks ago. The malicious CHM file that was recently discovered is disguised as a notice for people infected with COVID-19 and is being distributed to Korean users. The attacker is
APT Attack Being Distributed as Windows Help File (*.chm)
The ASEC analysis team has recently discovered the distribution of malware disguised as a Windows Help File (*.chm), specifically targeting Korean users. The CHM file is a compiled HTML Help file that is executed via the Microsoft® HTML help executable program. The recently discovered CHM file downloads additional malicious files
