Cybercriminals rely on a cool trick to execute code and install malware

Oct 16, 2012 13:41 GMT

To make sure their potential victims don’t suspect that they are the targets of an attack, cybercriminals often rely on harmless-looking Windows Help files (.hlp) to spread malware.

Symantec reports that cyberattacks using this vector have recently been aimed at government and industry sectors.

According to researchers, everything starts with a simple email that informs the recipient of a “White Paper on corporate strategic planning.” In reality, the attachment is not a white paper but a cleverly designed Windows Help file.

Windows Help files are able to call the Windows API, and that capability allows the attacker to execute code and install other malicious components.

Experts emphasize that this functionality exists by design; it is not an exploit.
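Because the capability is by design, the practical defense is to keep .hlp attachments from reaching users at all. The following attachment-triage routine is an added example, not code from Symantec or from the article: it parses a mail message, flags attachments by the .hlp extension and by the WinHelp file header (the 32-bit magic 0x00035F3F, bytes 3F 5F 03 00), and reports when the header does not match the extension. The sample message, addresses and file names are constructed for the demonstration.

```python
import email
from email.message import EmailMessage
from email.policy import default

# WinHelp (.hlp) files begin with the 32-bit magic 0x00035F3F, stored little-endian.
WINHELP_MAGIC = b"\x3f\x5f\x03\x00"
HELP_EXTENSIONS = (".hlp",)

def classify_attachment(filename, payload):
    """Return the reasons an attachment looks like a Windows Help file (empty if none)."""
    reasons = []
    name = (filename or "").lower()
    if name.endswith(HELP_EXTENSIONS):
        reasons.append("hlp-extension")
    if payload[:4] == WINHELP_MAGIC:
        reasons.append("winhelp-magic")
        if not name.endswith(HELP_EXTENSIONS):
            # Help file content hiding behind another extension (e.g. .pdf).
            reasons.append("extension-mismatch")
    return reasons

def scan_message(raw_bytes):
    """Parse a raw RFC 5322 message and map each flagged attachment name to its reasons."""
    msg = email.message_from_bytes(raw_bytes, policy=default)
    findings = {}
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        reasons = classify_attachment(part.get_filename(), payload)
        if reasons:
            findings[part.get_filename() or "<unnamed>"] = reasons
    return findings

def build_sample_message():
    """Constructed lure resembling the one described: a 'white paper' that is really a .hlp."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"      # constructed address
    msg["To"] = "recipient@example.invalid"     # constructed address
    msg["Subject"] = "White Paper on corporate strategic planning"
    msg.set_content("Please find the white paper attached.")
    fake_hlp = WINHELP_MAGIC + b"\x00" * 60    # header plus filler, not a real help file
    msg.add_attachment(fake_hlp, maintype="application", subtype="octet-stream",
                       filename="White_Paper.hlp")
    msg.add_attachment(fake_hlp, maintype="application", subtype="pdf",
                       filename="Strategy.pdf")       # .hlp content under a .pdf name
    msg.add_attachment("plain notes", filename="notes.txt")  # benign, must not be flagged
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in scan_message(build_sample_message()).items():
        print(f"{name}: {', '.join(reasons)}")
```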

In the attacks identified so far, cybercriminals were trying to spread Trojan.Ecltys and Backdoor.Barkiofork – pieces of malware often used in targeted attacks against government agencies and the industry sector.

Most of the threats have been identified in the US, China, India and France.