We show two examples of HTA induced infections we have seen recently. HTA is short for HTML Application, which is programs based on HTML and one or more scripting languages. An HTA runs as a fully trusted application and as a result has a lot more privileges than a normal application. Given the name of the file, it was probably offered as an update or patch for Google Chrome. The first HTA infection I can remember was CWSMSOffice in 2003 where an HTA file was hidden in the Fonts folder that was triggered by Run registry keys.”]
Source: https://blog.malwarebytes.com/cybercrime/2016/09/surfacing-hta-infections/

