id
type
5 (blog/news article)
status
21 (imported old-v2, waiting for another import)
review version
0
cleanup version
0
pending deletion
0 (-)
created at
2025-10-27 05:55:35
updated at
2025-10-27 05:55:35
url
https://www.infostealers.com/article/fake-update-utilizes-new-idat-loader-to-execute-stealc-and-lumma-infostealers/
url length
115
url crc
61317
url crc32
2521689989
location type
1 (url matches target location, page_location is empty)
canonical status
10 (verified canonical url)
canonical page id
domain id
domain tld
2211
domain parts
0
originating warc id
-
originating url
https://data.commoncrawl.org/crawl-data/CC-MAIN-2025-33/segments/1754151280328.73/warc/CC-MAIN-20250811100340-20250811130340-00745.warc.gz
source type
11 (CommonCrawl)
server ip
Publication date
2025-08-11 11:51:42
Fetch attempts
0
Original html size
150686
Normalized and saved size
110730
title
Fake Update Utilizes New IDAT Loader To Execute StealC and Lumma Infostealers.
excerpt
content
Technical Analysis by: Thomas Elkins, Natalie Zargarov. Contributions: Evan McCann, Tyler McGraw. Recently, Rapid7 observed the Fake Browser Update lure tricking users into executing malicious binaries. While analyzing the dropped binaries, Rapid7 determined that a new loader is used to execute infostealers, including StealC and Lumma, on compromised systems. The IDAT loader is a new, sophisticated loader that Rapid7 first spotted in July 2023. In earlier versions, the loader was disguised as a 7-zip installer that delivered the SecTop RAT. Rapid7 has now observed the loader used to deliver infostealers like StealC, Lumma, and Amadey. It implements several evasion techniques including Process Doppelgänging, DLL Search Order Hijacking, and Heaven’s Gate. The IDAT loader got its name because the threat actor stores the malicious payload in the IDAT chunk of the PNG file format. Prior to this technique, Rapid7 observed threat actors behind the lure utilizing malicious Jav...
author
updated
1762712752
block type
0
extracted fields
233
extracted bits
featured image
title
full content
content was extracted heuristically
OpenGraph suggests this is an article
detected location
0
detected language
1 (English)
category id
index version
2025110801
paywall score
0
spam phrases
0
text nonlatin
0
text cyrillic
0
text characters
1070
text words
199
text unique words
135
text lines
1
text sentences
10
text paragraphs
1
text words per sentence
19
text matched phrases
5
text matched dictionaries
2
links self subdomains
0
links other subdomains
0
links other domains
4
links spam adult
0
links spam random
0
links spam expired
0
links ext activities
0
links ext ecommerce
0
links ext finance
0
links ext crypto
0
links ext booking
0
links ext news
0
links ext leaks
0
links ext ugc
0
links ext klim
0
links ext generic
0
image author