1 min read

Microsoft Help Files Are Being Used To Distribute This Spyware

Heroic Technologies : Updated on March 18, 2026

Cybersecurity

Diana Lopera is a researcher for Trustwave Cybersecurity and has stumbled across something that’s one part interesting and one part disturbing.

Apparently, a group of hackers are trying a new approach to distribute their malicious code which is leveraging Microsoft’s HTML help files.

Yes, you read that correctly.  It’s an innovative technique that’s not only proving to be surprisingly effective, it is also proving to be notoriously difficult to detect. Even worse is that it’s not even a terribly sophisticated attack.

Here’s an overview of how it works:

Naturally, it begins with an email.  The email contains a generic subject line and an attachment, often entitled “Reques.doc” or similar.

This file is not a doc, but an .iso file.  A disk image.  The image contains a pair of files.  One of them is a Microsoft Compiled HTML Help file (CHM) and the other is an executable.

By exploiting the capabilities of the help file, the executable can install its malicious payload. In this case it is a malware strain called Vidar.

Vidar then establishes a link to its command-and-control server via Mastodon, which is a multi-platform open-source social networking system.  Once that connection has been established, Vidar goes to work harvesting user data from the infected system and exfiltrating it to the command-and-control server.

In at least one confirmed instance, Vidar was also spotted downloading and executing additional malware payloads.

Don’t Ignore This Serious Threat

Sophisticated or not, this new campaign has proved to be highly effective. Given that Vidar can serve as how other malware payloads wind up on an infected machine, this should be regarded as a serious threat.  Those “other payloads” could be anything from ransomware which will lock all the files on your network, to malicious code that has been optimized to steal banking information and everything in between.

Be sure your employees, friends, and family are aware and on their guard.  This is a nasty piece of code.

Used with permission from Article Aggregator
Build vs. Buy: The Cloud Cost Equation You Can’t Ignore

Build vs. Buy: The Cloud Cost Equation You Can’t Ignore

Nick: Mar 16, 2026 11:00:00 AM

In the early days of tech, if you wanted a specific tool, you often had to build it yourself. There wasn't a SaaS product for every niche problem,...

Business Continuity Cloud Computing
Read the full blog
Engineering ML Pipelines That Defy Data Gravity

Engineering ML Pipelines That Defy Data Gravity

Nick: Mar 12, 2026 1:00:00 PM

For years, we’ve heard the mantra that data is the new oil, a valuable resource to be extracted and refined. But any IT director managing a growing...

Business Continuity Cloud Computing
Read the full blog
Top 5 Managed IT Service Providers for Portland Businesses

Top 5 Managed IT Service Providers for Portland Businesses

Heroic Technologies: Mar 11, 2026 7:48:26 AM

If you run a business in Portland, there is a good chance you have felt at least one of these in the last year:

Read the full blog

Tricky Ransomware Encrypts Small Data But Overwrites Large Data

Heroic Technologies : May 28, 2022 10:00:00 AM

The MalwareHunterTeam recently discovered a new ransomware operation that is particularly nasty. Called Onyx, outwardly, the operation does what most...

Cybersecurity
Read the full blog

Update Your All In One SEO Plugin For Security Patch

Heroic Technologies : Jan 4, 2022 11:00:00 AM

Do you own and operate a WordPress website? Do you also use the “All in One” SEO plugin?

Cybersecurity
Read the full blog
Advantages of Partnering with Local IT Professional for Your Law Firm

Advantages of Partnering with Local IT Professional for Your Law Firm

Nick Stevens : May 1, 2025 9:00:00 AM

From case management software to secure client communication systems, law firms rely heavily on IT infrastructure to operate efficiently and...

Managed IT Services IT Strategy
Read the full blog