Opening the file from the archive installs the spyware SPECTR and FIRMACHAGENT.
These programs steal data and send it to the attackers' server.
The attack is carried out by the UAC-0020 (Vermin) group, linked to the occupiers.
🛡️ How to protect yourself:
Restrict user rights on PCs: remove them from the "Administrators" group.
Apply SRP/AppLocker policies to block the execution of .CHM files and powershell.exe.
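
A quick way to verify both recommendations on a workstation, as an added PowerShell example that is not part of the original advisory. It assumes AppLocker (not SRP) is the control in use, and that .CHM files are blocked by denying their handler hh.exe, since AppLocker has no rule collection for .chm files.

```powershell
# Added audit example, not from the original advisory. Run from an elevated session.
# Assumption: opening .CHM files is blocked by denying their handler, hh.exe.

function Get-LocalAdminMembers {
    # S-1-5-32-544 is the well-known SID of the built-in Administrators group,
    # so the lookup works regardless of the OS display language.
    Get-LocalGroupMember -SID 'S-1-5-32-544' |
        Select-Object Name, ObjectClass, PrincipalSource
}

function Test-AdvisoryAppLockerRules {
    param(
        # Account or group to evaluate; pass a standard user to test their view.
        [string]$User = 'Everyone',
        [string[]]$Path = @(
            "$env:SystemRoot\hh.exe",
            "$env:SystemRoot\System32\WindowsPowerShell\v1.0\powershell.exe",
            "$env:SystemRoot\SysWOW64\WindowsPowerShell\v1.0\powershell.exe"
        )
    )
    $policy   = Get-AppLockerPolicy -Effective
    # Skip paths that do not exist on this machine (e.g. SysWOW64 on 32-bit).
    $existing = @($Path | Where-Object { Test-Path -LiteralPath $_ })
    Test-AppLockerPolicy -PolicyObject $policy -Path $existing -User $User |
        Select-Object FilePath, PolicyDecision,
            @{ Name = 'Blocked'; Expression = { $_.PolicyDecision -ne 'Allowed' } }
}

function Get-AppLockerEnforcementState {
    # Rules only take effect when the Application Identity service is running
    # and the Exe rule collection is set to Enabled rather than AuditOnly.
    $policy = Get-AppLockerPolicy -Effective
    $exe    = $policy.RuleCollections |
        Where-Object { $_.RuleCollectionType -eq 'Exe' }
    [pscustomobject]@{
        AppIdSvcStatus  = (Get-Service -Name AppIDSvc).Status
        ExeRuleMode     = $exe.EnforcementMode
    }
}

'--- Members of local Administrators (should not include everyday users) ---'
Get-LocalAdminMembers | Format-Table -AutoSize
'--- AppLocker decision for hh.exe and powershell.exe ---'
Test-AdvisoryAppLockerRules | Format-Table -AutoSize
'--- AppLocker enforcement state ---'
Get-AppLockerEnforcementState | Format-List
```

A `Blocked` value of `False`, an `ExeRuleMode` other than `Enabled`, or a stopped `AppIDSvc` means the policy is not actually preventing execution on that machine.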