Sneaky new spyware is hiding in Microsoft help files – What to watch for
Phishing scams are some of the most prevalent schemes cybercriminals have up their sleeves these days. These attacks can come in many forms including phone calls, text messages and emails.
A current trend is spoofing high-profile companies to trick you into thinking you’re dealing with someone that you do business with. A recent example is when criminals sent emails pretending to be invites to Zoom meetings.
Now, cybercriminals are using spoofed Microsoft emails to try and infect your device with spyware. Keep reading to find out how they’re doing it and ways to stay protected.
Here’s the backstory
Microsoft’s Windows comes with a variety of helpful hints and suggestions. But when things get more complex than usual, you can open help files for guidance. The most common is a Microsoft Compiled HTML Help (CHM) file. It can include images, text, tables and links.
When used for its intended purpose, it looks similar to an outdated web page. But security researchers at Trustwave discovered that cybercriminals exploit the CHM capabilities to launch spyware attacks.
Criminals embed the Vidar spyware into a CHM file to bypass antivirus software and email scanners. When opened on a Windows computer, the operating system assumes it is a valid file and inadvertently triggers the spyware.
Vidar is used for a variety of nefarious activities but is most notable for stealing your data, app and service login details and cryptocurrency accounts. It also gathers information about your computer and operating system.
What you can do about it
Trustwave explains in a blog post that the infected help files are being spread through email phishing campaigns. The email’s subject line and body text are relatively benign and often try to get you to download an attached file.
The file name is the same in most cases (request.doc) but is actually an executable attachment. If you click on it, your device will be infected with malware.
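A file named like a document whose content is something else can be caught by comparing the extension with the file's leading bytes. The following is an added example, not code from Trustwave or this article; the extension policy, function names and sample byte strings are constructed assumptions.

```python
from pathlib import PurePath

# File signatures (magic bytes) found at offset 0 of each format.
SIGNATURES = {
    "ole": b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1",  # legacy Word/Excel (.doc, .xls)
    "rtf": b"{\\rtf",                              # Rich Text Format
    "zip": b"PK\x03\x04",                          # .docx and other ZIP containers
    "pe": b"MZ",                                   # Windows executable
    "chm": b"ITSF",                                # Compiled HTML Help
}
# Assumed policy: content types acceptable for each claimed extension.
EXPECTED = {".doc": {"ole", "rtf"}, ".docx": {"zip"}, ".chm": {"chm"}, ".exe": {"pe"}}
# Types that can execute code when opened, regardless of file name.
ACTIVE = {"pe", "chm"}


def sniff(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for kind, magic in SIGNATURES.items():
        if data.startswith(magic):
            return kind
    return "unknown"


def check_attachment(filename: str, data: bytes) -> list:
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    ext = PurePath(filename).suffix.lower()
    kind = sniff(data)
    allowed = EXPECTED.get(ext)
    if allowed is not None and kind not in allowed:
        findings.append(f"extension {ext} does not match content type {kind}")
    if kind in ACTIVE:
        findings.append(f"content type {kind} can run code when opened")
    return findings


if __name__ == "__main__":
    # Constructed sample attachments: only the first bytes matter here.
    samples = {
        "request.doc": b"MZ\x90\x00" + bytes(60),
        "report.doc": SIGNATURES["ole"] + bytes(8),
        "manual.chm": b"ITSF\x03\x00\x00\x00" + bytes(8),
    }
    for name, blob in samples.items():
        print(name, check_attachment(name, blob) or "ok")
```

A mail gateway or triage script can call `check_attachment` on each attachment and quarantine anything that returns findings.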
Here are some tips on how to stay safe from phishing emails:
- Don’t click on links and attachments that you receive in unsolicited emails. They could be malicious and infect your device with malware.
- If the message gives you a sense of urgency, delete it.
- Spelling and grammar errors are big red flags.
- Use two-factor authentication and password managers for better security.
- Keep your operating systems, apps and devices updated with the latest official software and patches.
- Always have a trusted antivirus program updated and running on all your devices.