New I2PRAT communicates via anonymous peer-to-peer network
Essential information
- Published: 16/12/2024 10:31
- Modified: 16/12/2024 12:33
- Tags: 2024-12-16 i2p i2prat phishing privateloader uac bypass
- Related entities: 12 techniques (mitre), 2 malware
Description
A novel malware strain, I2PRAT, has been discovered using the I2P network for command-and-control (C2) communication. The infection begins with a phishing email leading to a fake CAPTCHA page, which tricks users into executing a malicious PowerShell script. The malware employs a UAC bypass, Microsoft Defender evasion techniques, and Windows Filtering Platform (WFP) filters to render the victim's machine vulnerable. The RAT is modular, with plugins for functions such as downloading files, enabling RDP, managing user accounts, and creating scheduled tasks. The malware has been active since at least March 2024 and may be distributed through PrivateLoader.