Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks

Tuesday, May 19, 2026 at 01:00 PM UTC·Source: SecurityWeek

Updated: Tuesday, May 19, 2026 at 02:00 PM UTC

Executive Summary

Attackers are increasingly abusing Microsoft’s decades-old MSHTA utility to stealthily deliver stealers, loaders, and persistent malware through phishing, fake software downloads, and LOLBIN-based attack chains. The post Legacy Windows Tool MSHTA Fuels Surge in Silent Malware Attacks appeared first on SecurityWeek .

Analysis

Source Attribution

Originally published by SecurityWeek on May 19, 2026.

Related Threats

MEDIUMMalwareNEW

Virtual Event Today: Threat Detection & Incident Response Summit

The speed and sophistication of cyberattacks have outpaced traditional defense methods. Please join us online today from 11AM -4PM ET for the Threat Detection & Incident Response Summit. Don’t miss this virtual event as we explore how to cut through alert fatigue, leverage AI and unified platforms to accelerate investigations, and apply actionable threat intelligence to […] The pos

35m agoSecurityWeek

MEDIUMMalware

Legacy Microsoft Utility Fuels New Wave of Malware

<img src="https://ismg-cdn.nyc3.cdn.digitaloceanspaces.com/articles/legacy-microsoft-utility-fuels-new-wave-malware-image_small-8-a-31716.jpg" align=right hspace=4><b>Researchers Link MSHTA Windows Utility to Lumma Stealer, ClickFix Campaigns</b><br>Cybercriminals continue abusing Microsoft’s legacy MSHTA utility to deliver malware, with researchers saying that the default-enabled Windows componen

20h agoBank Info Security

MEDIUMMalware

From PDB strings to MaaS: Tracking a commodity BadIIS ecosystem used by Chinese-speaking threat

Cisco Talos has uncovered a BadIIS variant — identifiable by its embedded "demo.pdb" strings — that functions as commodity malware, likely sold or shared among multiple Chinese-speaking cyber crime groups operating under a malware-as-a-service (MaaS) model for continuous monetization.

1d agoCisco Talos