In a recent malware campaign, threat actors utilized a new IDAT Loader to distribute a range of malicious software, including InfoStealers and RATs, employing evasion methods. This loader is packaged within DLLs and discreetly activated by legitimate applications like VMWarehost, Python, and Windows Defender as part of the Fake Update campaign.