Skip to main content
IDAT Loader: Fake Chrome Update to Stealer operation cover
COMING SOONIntermediatePRO

IDAT Loader: Fake Chrome Update to Stealer

A fake Chrome update page convinced an estimator their browser was out of date, and one installer later their saved passwords and wallet data were on their way to an unknown host. Follow the chain from a drive-by MSI through msiexec, a signed application side-loading the IDAT Loader, process injection, and StealC and Lumma infostealers to a single command-and-control endpoint.

1h
6 tasks
50 points
Pro

Launches today

Jul 3, 2026

Friday, July 3, 2026 at 9:00 AM

View Pro plans

Pro unlocks this operation at launch.

Training Tools

SIEMXDRFirewall

What you'll investigate

6 objectives unlock when this operation goes live.

1Scope the intrusion
2Find the fake update page
3Recover the installer hash
4Identify the side-loaded library
5Recover the command-and-control host
6Classify the side-loading technique

Be first when it launches

Create your account and grab Pro before launch. The moment this operation goes live on Jul 3, 2026, you can jump straight in.

Get Started Free

No credit card required — free forever