New: Threat Exposure Validation Impact Report 2025
Learn More
Join our Summer Webinar Series on Threat Exposure Validation
Register Now
Meet the team at Infosecurity Europe 2025
Book a Meeting

Windows Help File Distributes AsyncRAT

February 8, 2023

Microsoft Windows help files (*.chm) were used to distribute variants of the AsyncRAT remote access trojan. The infection process started with the user executing the chm file causing a blank help window to pop-up while malicious scripts were executed, and the RAT was downloaded from a remote server. The payload exfiltrated sensitive data over SMTP to the actor's command-and-control servers.