Despite Internet Explorer reaching end of life in 2022, MSHTA is packaged by default on Windows systems and is used as a living-off-the-land binary (LOLBIN) to launch malware.
“Even when corporations retire legacy merchandise, elements of their ecosystem can persist in Windows for years to assist older workflows and enterprise compatibility requirements,” the researchers explained in a blog post. “Threat actors continuously abuse trusted, preinstalled Windows binaries to execute malicious content while relying on software already present on the system.”
Microsoft did not immediately comment on the issue.
Bitdefender researchers observed MSHTA appearing across infection chains associated with commodity stealers such as LummaStealer and Amatera, multi-stage loaders like CountLoader and Emmenhtal Loader, banking trojans including ClipBanker, and even the long-running PurpleFox malware family.



