
Hidden in the Pixels: LSB Steganography Exfil From an Infected Endpoint
A LummaC2/Vidar-style infostealer smash-and-grab. A finance analyst was tricked by a fake CAPTCHA (ClickFix) into pasting an mshta command into the Run box, which staged hidden PowerShell, downloaded the Lumma stealer, and harvested browser credentials, cookies, and wallet artifacts. To smuggle the loot out, the operator LSB-encoded the stolen blob into an oversized PNG and uploaded it to a public image host, off the command-and-control channel. Reconstruct the chain from SIEM and perimeter firewall telemetry and classify the key ATT&CK techniques.
Launches today
Friday, July 3, 2026 at 9:00 AM
Be ready the moment it drops — free forever.
Training Tools
What you'll investigate
7 objectives unlock when this operation goes live.
Be first when it launches
Create your free account now. The moment this operation goes live on Jul 3, 2026, you can jump straight in — and you'll have the rest of the catalog to train on meanwhile.
Get Started FreeNo credit card required — free forever