Security News > 2024 > February > New IDAT loader version uses steganography to push Remcos RAT
A hacking group tracked as 'UAC-0184' was observed utilizing steganographic image files to deliver the Remcos remote access trojan onto the systems of a Ukrainian entity operating in Finland.
Steganography is a well-documented but rarely seen tactic that involves encoding malicious code into the pixel data of images to evade detection by solutions using signature-based rules.
Tricked recipients opening the shortcut file attachment trigger an infection chain that launches an executable, which in turn activates a modular malware loader named 'IDAT.'.
The final stage involves the decryption and execution of the Remcos RAT, a commodity malware that hackers employ as a backdoor on compromised systems, allowing stealthy data theft and victim activity monitoring.
Morphisec says IDAT also delivers malware like Danabot, SystemBC, and RedLine Stealer, but it is unclear if these families were seen in the Finland-based computers or in different attacks.
Russian military hackers target Ukraine with new MASEPIE malware.