Windows Help File Distributes AsyncRAT
Microsoft Windows help files (*.chm) were used to distribute variants of the AsyncRAT remote access trojan.
The infection process started with the user executing the chm file causing a blank help window to pop-up while malicious scripts were executed, and the RAT was downloaded from a remote server.
The payload exfiltrated sensitive data over SMTP to the actor's command-and-control servers.