VERY IMPORTANT

Malware authors are evolving their techniques to evade network and host-based detection mechanisms. Stegoloader could represent an emerging trend in malware: the use of digital steganography to hide malicious code. The Stegoloader malware family (also known as Win32/Gatak.DR and TSPY_GATAK.GTK despite not sharing any similarities with the Gataka banking trojan) was first identified at the end of 2013 and has attracted little public attention. Dell SecureWorks Counter Threat Unit(TM) (CTU) researchers have analyzed multiple variants of this malware, which stealthily steals information from compromised systems. Stegoloader's modular design allows its operator to deploy modules as necessary, limiting the exposure of the malware capabilities during investigations and reverse engineering analysis. The modules analyzed by CTU researchers list recently accessed documents, enumerate installed programs, list recently visited websites, steal passwords, and steal installation files for the IDA tool.