Downloader
What is Downloader?
Lightweight malware whose main function is to retrieve and execute additional malicious payloads from a remote server.
A downloader is a small first-stage program designed to fetch additional malware from attacker infrastructure once it executes. Unlike droppers, downloaders carry little or no payload themselves; they rely on outbound HTTP(S), DNS, or messaging-app channels to contact C2 and pull subsequent stages. This separation keeps the initial binary small and innocuous-looking and lets operators swap payloads on demand. Common downloaders include macro/HTA scripts, JavaScript downloaders, and signed installer trojans. Defences include outbound network filtering, DNS sinkholing of known C2, EDR with download-and-execute pattern detection, mail/web isolation, and disabling risky scripting hosts when not required.
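As an added illustration of the "download-and-execute pattern detection" mentioned above (example code written for this entry, not part of the original page or any vendor product): a small detector that correlates process, network and file events in the order a downloader produces them. The event layout, the SCRIPT_HOSTS set and every sample value are constructed assumptions.

```python
# Constructed EDR-style telemetry, not real logs. Assumed layout:
# timestamp|kind|pid|ppid|image|detail, where detail is the script path (proc),
# remote host:port (net) or the written file path (file).
SAMPLE_EVENTS = [
    r"2024-05-01T10:00:01|proc|4100|3300|C:\Windows\System32\wscript.exe|C:\Users\a\invoice.js",
    r"2024-05-01T10:00:02|net|4100|0|C:\Windows\System32\wscript.exe|203.0.113.10:443",
    r"2024-05-01T10:00:03|file|4100|0|C:\Windows\System32\wscript.exe|C:\Users\a\AppData\Local\Temp\upd.exe",
    r"2024-05-01T10:00:04|proc|4180|4100|C:\Users\a\AppData\Local\Temp\upd.exe|",
    # Benign control: an installer that talks out but never runs anything it fetched.
    r"2024-05-01T10:01:00|proc|5000|3300|C:\Program Files\Foo\setup.exe|",
    r"2024-05-01T10:01:01|net|5000|0|C:\Program Files\Foo\setup.exe|198.51.100.5:443",
]

# Scripting hosts and Office processes that typically carry macro/HTA/JS downloaders
# (assumed list; tune it to the environment).
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe", "powershell.exe",
                "winword.exe", "excel.exe"}
EXEC_EXT = (".exe", ".dll", ".scr")

def basename(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def parse_event(line):
    ts, kind, pid, ppid, image, detail = line.strip().split("|", 5)
    return {"ts": ts, "kind": kind, "pid": int(pid), "ppid": int(ppid),
            "image": image, "detail": detail}

def find_download_and_execute(lines):
    """Alert when a scripting host connects outbound, writes an executable and
    then spawns that same file: the chain a downloader produces on the endpoint."""
    state = {}   # pid of a tracked scripting host -> what it has done so far
    alerts = []
    for ev in map(parse_event, lines):
        if ev["kind"] == "proc":
            parent = state.get(ev["ppid"])
            # Child image must be a file the parent wrote after it had already talked out.
            if parent and parent["remote"] and ev["image"].lower() in parent["files"]:
                alerts.append({"ts": ev["ts"], "host_pid": ev["ppid"], "host": parent["image"],
                               "remote": parent["remote"][0], "dropped": ev["image"],
                               "child_pid": ev["pid"]})
            if basename(ev["image"]) in SCRIPT_HOSTS:
                state[ev["pid"]] = {"image": ev["image"], "remote": [], "files": set()}
        elif ev["pid"] in state:
            if ev["kind"] == "net":
                state[ev["pid"]]["remote"].append(ev["detail"])
            elif ev["kind"] == "file" and ev["detail"].lower().endswith(EXEC_EXT):
                state[ev["pid"]]["files"].add(ev["detail"].lower())
    return alerts
```

Running `find_download_and_execute(SAMPLE_EVENTS)` flags only the wscript.exe chain; the installer that merely connects outbound produces no alert, which is the distinction that keeps this pattern from firing on ordinary software updates.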
● Examples
- Hancitor (Chanitor), a long-running document-based downloader.
- GuLoader, a downloader that retrieves payloads from cloud storage providers.
● Frequently asked questions
What is Downloader?
Lightweight malware whose main function is to retrieve and execute additional malicious payloads from a remote server. It belongs to the Malware category of cybersecurity.
What does Downloader mean?
Lightweight malware whose main function is to retrieve and execute additional malicious payloads from a remote server.
How do you defend against Downloader?
Defences against downloaders combine technical controls and operational practices: outbound network filtering, DNS sinkholing of known C2, EDR detection of download-and-execute patterns, mail and web isolation, and disabling scripting hosts that are not required, as detailed in the full definition above.
What are other names for Downloader?
Common alternative names include: Stage-1 downloader, Trojan downloader.