To make sure their potential victims don’t suspect that they’re the targets of an attack, cyber criminals are relying on harmless-looking Windows Help files (.hlp) to spreads pieces of malware.
Cyberattacks using this attack vector are aiming at government and industry sectors, according to a Symantec report.
Everything starts with a simple email which informs the recipient of a “White Paper on corporate strategic planning.” In reality, the attachment is not a white paper, but a cleverly designed Windows Help file, the researchers said.
The Help file’s functionality permits a call to the Windows API, which allows the attacker to execute code and install other malicious elements.
The fact this functionality exists by design, it’s not an exploit, the researchers said.
In the attacks identified so far, attackers were trying to spread Trojan.Ecltys and Backdoor.Barkiofork – pieces of malware often utilized in targeted attacks against government agencies and the industry sector.
Most of the threats are in the U.S., China, India and France.