'This reveals a broader security problem': Experts warn a key Microsoft
legacy tool is still being abused to launch malware campaigns
Date:
Thu, 21 May 2026 00:20:00 +0000
Description:
MSHTA is being used for both simple and advanced threats, deploying loaders and infostealers.
FULL STORY ======================================================================
Bitdefender reports rising abuse of the legacy MSHTA utility to deliver infostealers and loader malware.
Campaigns range from simple commodity threats like LummaStealer to advanced persistence tools such as PurpleFox.
Defenders are urged to restrict outdated scripting utilities and deploy layered security controls to detect malicious script activity.
Cybercriminals are increasingly using a legitimate legacy Windows tool to deploy infostealers and loader malware, researchers say.
A new Bitdefender report claims that since the start of 2026 there has been an uptick in activity related to Microsoft HTML Application Host (MSHTA), a legitimate Windows utility that runs special HTML-based application files known as HTAs. While normal web pages get opened in a browser, HTA files interact directly with the Windows operating system and can execute scripts with elevated privileges.
Simple and complex threats
MSHTA is an old tool that was originally designed for lightweight desktop and administrative tasks but, like many other legacy tools, is being abused to run malicious scripts, download malware, or bypass security controls.
"Since the start of the year, we have observed an increase in MSHTA-related activity," Bitdefender said. "Given that legitimate use of this utility is gradually fading, this trend likely reflects a rise in malicious activity rather than renewed administrative adoption."
The activity the researchers analyzed spans multiple malware categories, they further explained, saying that they've seen both simple and more complex campaigns. At the simpler end, MSHTA is heavily used to deliver commodity infostealers such as Amatera or LummaStealer. It is also used for loaders such as CountLoader or Emmenthal.
When it comes to more advanced, persistent threats, Bitdefender saw crooks deploying ClipBanker and PurpleFox.
"This range of abuse highlights why MSHTA continues to matter to defenders: it's not a single malware family or intrusion model," they explained. "It remains useful across the spectrum from opportunistic malware delivery to long-lived compromise."
To defend against MSHTA-based attacks, organizations should ensure both user awareness and layered security controls, the researchers said. Users should avoid downloading untrusted files or running suspicious commands, while organizations should deploy security tools capable of detecting malicious scripts or command-line abuse.
The company also recommends restricting utilities like mshta.exe and wscript.exe where possible and replacing outdated scripting tools with modern alternatives to reduce the attack surface.
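One way to approach the command-line detection recommended above, as an added example (not code from Bitdefender or the article): it triages constructed Sysmon-style process-creation records for mshta.exe and wscript.exe, including renamed copies. The parent list, argument patterns and reason names are assumptions of this example.

```python
import json
import re
from ntpath import basename  # splits Windows paths on any OS

# Script hosts the page recommends restricting; the rules below are this example's assumptions.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe"}
UNUSUAL_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "chrome.exe", "msedge.exe"}
ARG_RULES = [
    ("remote_source", re.compile(r"https?://|\\\\[\w.-]+\\", re.I)),  # URL or UNC share
    ("inline_script", re.compile(r"\b(?:vbscript|javascript):", re.I)),
    ("user_writable_path", re.compile(r"\\(?:appdata|temp|downloads)\\", re.I)),
]

def triage(event):
    """Return review reasons for one process-creation record; [] if not a script host."""
    image = basename(event["Image"]).lower()
    original = event.get("OriginalFileName", "").lower()
    if image not in SCRIPT_HOSTS and original not in SCRIPT_HOSTS:
        return []
    reasons = ["legacy_script_host"]  # every run is listed, to inventory use before restricting
    if original in SCRIPT_HOSTS and image != original:
        reasons.append("renamed_binary")  # file name no longer matches its version resource
    if basename(event.get("ParentImage", "")).lower() in UNUSUAL_PARENTS:
        reasons.append("unusual_parent")
    return reasons + [name for name, rx in ARG_RULES if rx.search(event["CommandLine"])]

# Constructed sample records (JSON lines, Sysmon-style field names); not real telemetry.
SAMPLE_LOG = r'''
{"Image":"C:\\Windows\\System32\\mshta.exe","OriginalFileName":"MSHTA.EXE","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"mshta.exe \"C:\\Program Files\\Contoso\\inventory.hta\""}
{"Image":"C:\\Windows\\System32\\mshta.exe","OriginalFileName":"MSHTA.EXE","ParentImage":"C:\\Program Files\\Microsoft\\Edge\\Application\\msedge.exe","CommandLine":"mshta.exe https://files.example.invalid/update.hta"}
{"Image":"C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe","OriginalFileName":"MSHTA.EXE","ParentImage":"C:\\Windows\\System32\\cmd.exe","CommandLine":"\"C:\\Users\\alice\\AppData\\Local\\Temp\\svc.exe\" \"javascript:/*constructed placeholder*/\""}
{"Image":"C:\\Windows\\System32\\wscript.exe","OriginalFileName":"wscript.exe","ParentImage":"C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE","CommandLine":"wscript.exe C:\\Users\\bob\\Downloads\\invoice.js"}
{"Image":"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe","OriginalFileName":"PowerShell.EXE","ParentImage":"C:\\Windows\\explorer.exe","CommandLine":"powershell.exe -NoProfile"}
'''

def scan(log_text):
    """Parse JSON lines and return (command line, reasons) for each script-host record."""
    events = [json.loads(line) for line in log_text.splitlines() if line.strip()]
    return [(e["CommandLine"], r) for e in events if (r := triage(e))]

if __name__ == "__main__":
    for command_line, reasons in scan(SAMPLE_LOG):
        print(f"{','.join(reasons):<70} {command_line}")
```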
======================================================================
Link to news story:
https://www.techradar.com/pro/security/this-reveals-a-broader-security-problem-experts-warn-a-key-microsoft-legacy-tool-is-still-being-abused-to-launch-malware-campaigns
--- Mystic BBS v1.12 A49 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)