Microsoft’s aging “mshta.exe” utility, a leftover component from Internet Explorer, is still being actively abused in modern malware campaigns years after the browser itself was retired.
According to new research from Bitdefender, attackers continue to abuse Microsoft HTML Application Host (MSHTA), a built-in Windows utility capable of executing VBScript and JavaScript from local or remote files.
Despite Internet Explorer reaching the end of life in 2022, MSHTA is packaged by default on Windows systems and is used as a living-off-the-land (LOLBIN) binary to launch malware.
“Even when companies retire legacy products, parts of their ecosystem can persist in Windows for years to support older ...