Source: https://cobaltstrike.net/2022/03/27/windows-users-are-being-attacked-by-the-vidar-spyware/
Trustwave has warned about new attacks on Windows users in order to steal data. The attackers use the Vidar spyware and distribute it through fake emails from Microsoft support.
Vidar is a Windows spyware and information theft tool available for purchase by cybercriminals. Vidar can collect OS and user data, online service and cryptocurrency account data, as well as credit card information.
The report says that the attackers sent a virus hidden in an HTMLHelp format file— a proprietary contextual help file format developed by Microsoft. Usually, such documents contain information on certain issues. However, when the file is launched, the malicious document is unpacked app.exe .
Experts urge citizens to open documents that come from unknown sources with caution.