
This episode details a new variant of the FakeBat malware, dubbed IvanLoader, which uses malvertising to deliver a malicious MSIX file. IvanLoader uniquely leverages Telegram bots to receive commands, making the attack more dynamic. The attack chain proceeds with the download and execution of a second-stage payload (EugenLoader), ultimately deploying ArechClient2 (Sectop RAT). The episode provides technical analysis, Indicators of Compromise (IOCs), detection methods, and mitigation strategies for this sophisticated threat. Researchers from Critical Start authored this analysis, citing various sources.