Alerts
Events
DCR
Explore Cyware Products
Alerts
Events
DCR
Go to listing page
KoiLoader Reloaded: New Variant Uses LNK Abuse, Script Chains, and PowerShell to Deliver Stealer Payload
Malware and Vulnerabilities
April 01, 2025
SecurityOnline
Researchers at eSentire spotted a new KoiLoader variant using phishing, LNK file abuse, PowerShell, and layered scripts to evade detection, gain persistence, and deliver KoiStealer malware for data theft via encrypted C2 communication.
Read More
KoiLoader
Koi Stealer
Malware Loader
Information stealer
.LNK file
Publisher
Previous
Apple Releases Key Zero-Day Fixes for iOS, iPadOS, and ...
Malware and Vulnerabilities
Next
Russian Hackers Exploit MSC EvilTwin Flaw to Deploy Sil ...
Threat Actors
/https://cyware-ent.s3.amazonaws.com/image_bank/6ea6_shutterstock_659089948.jpg)
/https://cyware-ent.s3.amazonaws.com/image_bank/7723_shutterstock_380478805.jpeg)
