Windows Help File Distributes AsyncRAT

February 8, 2023

Microsoft Windows help files (*.chm) were used to distribute variants of the AsyncRAT remote access trojan. The infection process started with the user executing the chm file causing a blank help window to pop-up while malicious scripts were executed, and the RAT was downloaded from a remote server. The payload exfiltrated sensitive data over SMTP to the actor's command-and-control servers.
Subscribe