The UAC-0184 threat operation has used the IDAT Loader to distribute the Remcos RAT in attacks against a Finland-based Ukrainian organization, reports The Hacker News.
According to a report from Morphisec, IDAT Loader, which has similarities with the Hijack Loader, used steganography to distribute the Remcos RAT, a remote access trojan that the TA544 threat operation previously spread using the same malware loader. "While steganographic, or 'Stego' techniques are well-known, it is important to understand their roles in defense evasion, to better understand how to defend against such tactics," said Morphisec researcher Michael Dereviashkin.

The development follows a report from Elastic Security Labs detailing the mounting distribution of PikaBot malware in attacks since earlier this month. Operators of PikaBot have also been working on a new version with more robust obfuscation and a novel unpacking approach, according to Elastic Security Labs. "The core module has added a new string decryption implementation, changes to obfuscation functionality, and various other modifications," researchers added.
Remcos RAT deployed via IDAT Loader