CyberGlossary

Downloader

Also known as: Stage-1 downloader, Trojan downloader

Definition

Lightweight malware whose main function is to retrieve and execute additional malicious payloads from a remote server.

A downloader is a small first-stage program designed to fetch additional malware from attacker infrastructure once it executes. Unlike droppers, downloaders carry little or no payload themselves; they rely on outbound HTTP(S), DNS, or messaging-app channels to contact command-and-control (C2) servers and pull subsequent stages. This separation keeps the initial binary small and innocuous-looking and lets operators swap payloads on demand. Common downloaders include macro/HTA scripts, JavaScript downloaders, and signed installer trojans. Defences include outbound network filtering, DNS sinkholing of known C2, EDR with download-and-execute pattern detection, mail/web isolation, and disabling risky scripting hosts when not required.
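The download-and-execute pattern mentioned among the defences can be expressed as a correlation over endpoint telemetry. The sketch below is an added example, not part of the original glossary entry or any vendor's rule; the event field names, the script-host list, the five-minute window and the sample events are all assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Script hosts behind the macro/HTA/JavaScript downloaders described above.
SCRIPT_HOSTS = {"mshta.exe", "wscript.exe", "cscript.exe", "powershell.exe"}
EXEC_EXT = (".exe", ".dll", ".scr")
WINDOW = timedelta(minutes=5)  # assumed correlation window

def _name(path):
    return path.lower().rsplit("\\", 1)[-1]

def _ts(ev):
    return datetime.fromisoformat(ev["ts"])

def find_download_and_execute(events):
    """Alert when a script host connects out, writes an executable, and
    that file is launched on the same host within WINDOW of the connect."""
    connected = {}  # (host, pid) -> (time, destination) of last outbound connect
    dropped = {}    # (host, path) -> (connect time, destination, writer image)
    alerts = []
    for ev in sorted(events, key=_ts):
        host, kind = ev["host"], ev["type"]
        if kind == "network_connect" and _name(ev["image"]) in SCRIPT_HOSTS:
            connected[(host, ev["pid"])] = (_ts(ev), ev["dest"])
        elif kind == "file_write" and ev["path"].lower().endswith(EXEC_EXT):
            seen = connected.get((host, ev["pid"]))
            if seen:  # only writes that follow a connect by the same process
                dropped[(host, ev["path"].lower())] = (*seen, _name(ev["image"]))
        elif kind == "process_create":
            hit = dropped.get((host, ev["image"].lower()))
            if hit and _ts(ev) - hit[0] <= WINDOW:
                alerts.append({"host": host, "downloader": hit[2],
                               "dest": hit[1], "payload": ev["image"]})
    return alerts

# Constructed sample telemetry (hypothetical schema, documentation-range IPs).
WS = r"C:\Windows\System32\wscript.exe"
PAYLOAD = r"C:\Users\a\AppData\Local\Temp\upd.exe"
SETUP = r"C:\Users\b\Downloads\setup.exe"
SAMPLE_EVENTS = [
    {"ts": "2024-01-01T09:00:00", "host": "WS01", "type": "network_connect", "pid": 200, "image": WS, "dest": "203.0.113.10:443"},
    {"ts": "2024-01-01T09:00:05", "host": "WS01", "type": "file_write", "pid": 200, "image": WS, "path": PAYLOAD},
    {"ts": "2024-01-01T09:00:09", "host": "WS01", "type": "process_create", "pid": 300, "image": PAYLOAD},
    {"ts": "2024-01-01T09:01:00", "host": "WS02", "type": "network_connect", "pid": 410, "image": r"C:\Windows\System32\powershell.exe", "dest": "198.51.100.7:443"},
    {"ts": "2024-01-01T09:02:00", "host": "WS03", "type": "file_write", "pid": 500, "image": r"C:\Program Files\Chrome\chrome.exe", "path": SETUP},
    {"ts": "2024-01-01T09:02:30", "host": "WS03", "type": "process_create", "pid": 510, "image": SETUP},
]
```

On Windows, the three event types used here correspond to what Sysmon records as event IDs 3 (network connection), 11 (file create) and 1 (process create). Only the WS01 chain raises an alert in the sample; the connect-only script host and the browser download do not match.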

Examples

  • Hancitor (Chanitor), a long-running document-based downloader.
  • GuLoader, a downloader that retrieves payloads from cloud storage providers.
