{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreig6fpvsqfyatae6yiz5yt6rhjuynn47xvaeu3y5yyydcv3k33cvbm",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mmi22ymbdxk2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreiahcvwn5sb6baiadkdgw6662rfgqarydejen35knvd5qzuixtnh24"
    },
    "mimeType": "image/webp",
    "size": 23930
  },
  "path": "/hackers-abuse-mshta-to-deliver-lummastealer-and-amatera-malware/",
  "publishedAt": "2026-05-22T16:28:15.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "Hackers Abuse MSHTA to Deliver LummaStealer and Amatera Malware",
    "VPN Central"
  ],
  "textContent": "Attackers are increasingly abusing MSHTA, a legacy Windows utility, to deliver malware such as LummaStealer, Amatera, CountLoader, Emmenhtal Loader, ClipBanker, and PurpleFox. The tool remains available by default on Windows, making it useful for threat actors who want to run scripts through a trusted Microsoft-signed binary. MSHTA, short for Microsoft HTML Application Host, can execute […]\n\nThe post Hackers Abuse MSHTA to Deliver LummaStealer and Amatera Malware appeared first on VPN Central.",
  "title": "Hackers Abuse MSHTA to Deliver LummaStealer and Amatera Malware"
}