menu_book Concept

Loader Malware

Also known as: Loader, Dropper, Downloader

Loader malware (a loader or dropper) is software whose job is to install other malware on a compromised device. Loaders frequently deliver infostealers, and many stealers also act as loaders, creating a chain that escalates a single infection into multiple payloads.

What is loader malware?

A loader (or dropper/downloader) is a lightweight first-stage payload designed to fetch and execute additional malware. Loaders are sold as a service, with operators charging for "installs" on machines they control.

Loaders and the stealer economy

Loaders and infostealers are deeply intertwined: loaders distribute stealers via pay-per-install networks, and many stealers (Vidar, ViperSoftX, AZORult) can themselves download further payloads, including ransomware.

How VantaPrism Tracks Loader Malware

VantaPrism focuses on the credential and session data that loader-delivered stealers exfiltrate, helping teams understand the downstream impact of an initial loader infection.

Check Your Exposure arrow_forward

Frequently Asked Questions

What is the difference between a loader and a stealer?

expand_more

A loader's purpose is to install other malware; a stealer's purpose is to harvest data. Many families do both, using a loader stage to deploy a stealer.

Related Terms

Infostealer Malware arrow_outward

Infostealer malware is a category of malicious software designed to silently harvest sensitive data — passwords, sess…

Malware-as-a-Service (MaaS) arrow_outward

Malware-as-a-service (MaaS) is a criminal business model in which malware authors rent or sell their software, infras…

Initial Access Broker (IAB) arrow_outward

An initial access broker (IAB) is a cybercriminal who sells access to compromised networks and accounts to other atta…

Stealer Logs arrow_outward

A stealer log is the package of data exfiltrated from a single device by infostealer malware. It typically contains s…

← All Glossary Terms Last reviewed: June 2026