ModiLoader – aka DBatLoader or NatsoLoader – was initially identified in June 2020. It is a two-stage loader that has been seen distributing the Remcos, Formbook, and Netwire trojans. This malware is typically spread through malicious email attachments, or by being bundled with legitimate software.
Once a user’s device is infected with ModiLoader, the malware can perform several malicious actions, such as:
ModiLoader is persistent malware and uses various techniques to evade detection, such as:
It is important to keep your device and software up to date, and to exercise caution when opening email attachments or installing software from unfamiliar sources. In addition, using reputable anti-virus software and keeping it updated can help protect against ModiLoader and other types of malware.