1 min read

Microsoft Help Files Are Being Used To Distribute This Spyware

Heroic Technologies : Updated on August 5, 2025

Cybersecurity

Diana Lopera is a researcher for Trustwave Cybersecurity and has stumbled across something that’s one part interesting and one part disturbing.

Apparently, a group of hackers are trying a new approach to distribute their malicious code which is leveraging Microsoft’s HTML help files.

Yes, you read that correctly.  It’s an innovative technique that’s not only proving to be surprisingly effective, it is also proving to be notoriously difficult to detect. Even worse is that it’s not even a terribly sophisticated attack.

Here’s an overview of how it works:

Naturally, it begins with an email.  The email contains a generic subject line and an attachment, often entitled “Reques.doc” or similar.

This file is not a doc, but an .iso file.  A disk image.  The image contains a pair of files.  One of them is a Microsoft Compiled HTML Help file (CHM) and the other is an executable.

By exploiting the capabilities of the help file, the executable can install its malicious payload. In this case it is a malware strain called Vidar.

Vidar then establishes a link to its command-and-control server via Mastodon, which is a multi-platform open-source social networking system.  Once that connection has been established, Vidar goes to work harvesting user data from the infected system and exfiltrating it to the command-and-control server.

In at least one confirmed instance, Vidar was also spotted downloading and executing additional malware payloads.

Don’t Ignore This Serious Threat

Sophisticated or not, this new campaign has proved to be highly effective. Given that Vidar can serve as how other malware payloads wind up on an infected machine, this should be regarded as a serious threat.  Those “other payloads” could be anything from ransomware which will lock all the files on your network, to malicious code that has been optimized to steal banking information and everything in between.

Be sure your employees, friends, and family are aware and on their guard.  This is a nasty piece of code.

Used with permission from Article Aggregator
The Real Meaning of Compliance for CFOs: Turning Controls Into Predictable Spend

The Real Meaning of Compliance for CFOs: Turning Controls Into Predictable Spend

Nick: Mar 9, 2026 10:45:00 AM

When we talk about compliance, the immediate reaction is often a collective groan. For many in the finance world, compliance is synonymous with...

Business Continuity Compliance
Read More
Navigating Zero-Trust Audits in 2026: A Guide for MSPs

Navigating Zero-Trust Audits in 2026: A Guide for MSPs

Nick: Mar 5, 2026 1:30:00 PM

In the rapidly changing universe of cybersecurity, "zero trust" has shifted from a buzzword to a fundamental operational requirement. By 2026, the...

Business Continuity Compliance
Read More
The Future of Governance: From Manual to Autonomous Solutions in Compliance Management for Modern Businesses

The Future of Governance: From Manual to Autonomous Solutions in Compliance Management for Modern Businesses

Nick: Mar 2, 2026 4:15:00 PM

Compliance used to be the department where innovation went to die. For decades, it was synonymous with "The Department of No"; a necessary evil...

Compliance Automation
Read More

Update Now If You Run This WordPress Plugin

Heroic Technologies : May 9, 2022 9:45:00 AM

Millions of people around the world have leveraged the awesome power of WordPress to build their sites. Whether for personal or business use,...

Cybersecurity
Read More

Mobile Devices Connected to Windows Known as Phone Link

Heroic Technologies : Apr 13, 2022 10:30:00 AM

Microsoft recently announced that it was doing a bit of re-branding.

Tech Tips
Read More

Microsoft Teams Gets Optimizations To Use Less Resources

Heroic Technologies : Mar 2, 2022 4:00:00 PM

Do you use Microsoft Teams and do you have an older PC that struggles with Teams video meetings? If so there’s good news. Microsoft has recently...

Tech Tips
Read More