What the Shell? New Security Breach Uses CHM Files to Cover Banking Trojans










Another day, another banking Trojan. As reported by Bleeping Computer, a security researcher discovered a Brazil-based email attack that masquerades as an email from WhatsApp, then runs PowerShell commands to download and install financial malware.

Malicious CHM Files Mask Banking Trojan

While most current malware spam efforts rely on JavaScript (JS) or Visual Basic Script (VBScript) attachments, the newest iteration uses files that claim to be WhatsApp conversation logs. If a user with a Brazilian IP address clicks the embedded link, a zip file containing the malicious CHM (a compiled HTML attachment) is downloaded, which launches the Microsoft HTML Help program (hh.exe) to display the HTML file.
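One way a defender could hunt for this chain in process-creation telemetry, as an added example that is not from the original article or the researcher's report: flag any script interpreter whose ancestry includes hh.exe. The record fields, the sample events and the script-host list are assumptions constructed for illustration.

```python
import ntpath

HELP_VIEWER = "hh.exe"
# Assumed list of interpreters worth alerting on beneath the help viewer.
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe"}

# Constructed process-creation records (hypothetical field names and values).
SAMPLE_EVENTS = [
    {"pid": 100, "ppid": 4, "image": r"C:\Windows\explorer.exe"},
    {"pid": 210, "ppid": 100, "image": r"C:\Windows\hh.exe"},        # user opened a .chm
    {"pid": 220, "ppid": 210, "image": r"C:\Windows\System32\cmd.exe"},
    {"pid": 230, "ppid": 220,
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 300, "ppid": 100,                                        # interactive shell
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"},
    {"pid": 310, "ppid": 100, "image": r"C:\Windows\hh.exe"},        # help viewer, no children
]

def exe_name(path):
    """Lower-cased file name of a Windows path, parsed the same on any OS."""
    return ntpath.basename(path).lower()

def find_hh_script_chains(events):
    """Return pid chains (hh.exe first) for every script host descended from hh.exe.

    Assumes pids are unique within the batch; real telemetry needs a process
    GUID or (pid, start time) key because Windows reuses pids.
    """
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for event in events:
        if exe_name(event["image"]) not in SCRIPT_HOSTS:
            continue
        chain, seen, cur = [event["pid"]], {event["pid"]}, event
        # Walk up the ancestry; 'seen' guards against loops in bad data.
        while cur["ppid"] in by_pid and cur["ppid"] not in seen:
            cur = by_pid[cur["ppid"]]
            seen.add(cur["pid"])
            chain.append(cur["pid"])
            if exe_name(cur["image"]) == HELP_VIEWER:
                alerts.append(chain[::-1])
                break
    return alerts

if __name__ == "__main__":
    for chain in find_hh_script_chains(SAMPLE_EVENTS):
        print("hh.exe ancestry:", " -> ".join(map(str, chain)))
```

Walking the full ancestry rather than only the direct parent keeps the check effective when an intermediate process such as cmd.exe sits between hh.exe and PowerShell.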

Source: www.securityintelligence.com

