"New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT"

A malicious campaign against Ukrainian entities based in Finland has been distributing the commercial Remote Access Trojan (RAT) named Remcos RAT through a malware loader called IDAT Loader. The attack, carried out by a threat actor known as UAC-0184, used steganography. IDAT Loader, which overlaps with another loader family called Hijack Loader, has recently been used to serve additional payloads such as DanaBot, SystemBC, and RedLine Stealer. A threat actor tracked as TA544 has also used it to deliver Remcos RAT and SystemBC in phishing attacks. This article continues to discuss findings regarding the new IDAT Loader attacks.

THN reports "New IDAT Loader Attacks Using Steganography to Deploy Remcos RAT"

Submitted by grigby1
