CHM Malware That Steals User Information Distributed in Korea

2024-04-25 AhnLab 3. bootservice.php?query=1 (Fileless)

https://asec.ahnlab.com/ko/64612/

AhnLab reported CHM malware distribution against South Korean users, connecting the lure family to prior Kimsuky activity that used LNK, DOC, OneNote, and press-release themes. The CHM file runs embedded script content, creates files under the user profile, and ultimately sends user information and keylogging data to attacker infrastructure, making it a credential and information theft threat.

Indicators of Compromise

Type Value First Seen Last Seen
HASH b2c74dbf20824477c3e139b48833041b 2024-04-25 2024-05-08
