Hackers Abuse MSHTA to Deliver LummaStealer and Amatera Malware
VPN Central [Unofficial]
May 22, 2026
Attackers are increasingly abusing MSHTA, a legacy Windows utility, to deliver malware such as LummaStealer, Amatera, CountLoader, Emmenhtal Loader, ClipBanker, and PurpleFox. The tool remains available by default on Windows, making it useful for threat actors who want to run scripts through a trusted Microsoft-signed binary. MSHTA, short for Microsoft HTML Application Host, can execute […]
The post Hackers Abuse MSHTA to Deliver LummaStealer and Amatera Malware appeared first on VPN Central.
Discussion in the ATmosphere