In September 2024, a new version of the Oyster Backdoor, called CleanUpLoader, was discovered. It spread through fake software downloads via ads on search engines, posing as legitimate applications like Teams, Edge, and Chrome. The malware was linked to a specific company issuing certificates and showed similarities to earlier Oyster campaigns.

Unlock the secrets of Latrodectus, a cutting-edge loader malware shaking up the cybersecurity world. Explore its evolving delivery tactics, payload execution, and decryption strategies in a detailed analysis. Delve into the inner workings of this sophisticated threat and uncover its hidden complexities.

Part 1 of the overview and analysis of the Koi Loader/Koi Stealer campaign will specifically delve into the initial delivery and loading mechanism. This section will detail the infection chain, behavior of various components, and functionalities of the associated malware. The purpose and function of each script and payload involved in the campaign, such as the batch script, JavaScript file, and PowerShell scripts, will be covered.