Malicious email campaign deploys info stealer malware — beware

(Image credit: Snappa)

Cybersecurity researchers recently discovered an info-stealing malware deployed through a malicious email campaign, and all it takes is for tricked victims to open and extract the contents of a sneaky attachment.

Spotted by cybersecurity company Trustwave (via BGR), the threat actors send spam emails to potential victims and attach an ISO file disguised as a "request.doc." Once executed,  the malware is capable of  "harvesting system information and data from a wide range of browsers and other applications." 

As senior security researcher Diana Lopera states, an ISO file format is often used by cybercriminals to use as a malware container. In this instance, the email attachment features two files, including a Microsoft Compiled HTML Help (CHM) file “pss10r.chm” and an executable “app.exe.”

Vidar malware spam message via Trustwave (Image credit: Trustwave)

Once the attachment is open and the files are extracted, the malware compromises the system. With CHM, a Microsoft Compiled HTML Help format often used for software documentation, the file can silently run the app.exe. Once it's finished, it can delete the files it created to erase any evidence.

"MailMarshal supports the unpacking of ISO and CHM files," Lopera explains. "One of the objects unpacked from the CHM is the HTML file “PSSXMicrosoftSupportServices_HP05221271.htm”- the primary object that gets loaded once the CHM “pss10r.chm” is opened. This HTML has a button object which automatically triggers the silent re-execution of the CHM “pss10r.chm” with mshta."

For a deeper dive into how the malware works, check out Trustwave's report. Trustwave didn't note any victims of the email campaign, but hackers are still capable of sending spam emails with the cyber threat attached to any email account, including Gmail.

As always, be wary of suspicious emails with unknown attachments, and stay clear of opening them if you're not familiar with the sender. Last year, we reported that your Gmail is worth more than a bank account on the dark web, seeing as email accounts are generally a hub of private information. To keep safe online, consider getting one of the best antivirus apps for your devices. 

Darragh Murphy

Darragh Murphy is fascinated by all things bizarre, which usually leads to assorted coverage varying from washing machines designed for AirPods to the mischievous world of cyberattacks. Whether it's connecting Scar from The Lion King to two-factor authentication or turning his love for gadgets into a fabricated rap battle from 8 Mile, he believes there’s always a quirky spin to be made. With a Master’s degree in Magazine Journalism from The University of Sheffield, along with short stints at Kerrang! and Exposed Magazine, Darragh started his career writing about the tech industry at Time Out Dubai and ShortList Dubai, covering everything from the latest iPhone models and Huawei laptops to massive Esports events in the Middle East. Now, he can be found proudly diving into gaming, gadgets, and letting readers know the joys of docking stations for Laptop Mag.