Sunday 05 July 2026 02:20:53 GMT+02:00

Netcrook

HomeManifesto
News
Techcrook
Geocrook
WikicrookTeamAppContact
EnglishItalianoArabic

WIKICROOK

Dropper

A small malicious component that installs or launches a later-stage payload.

A dropper is a small malicious component whose job is to install, unpack, or launch a second-stage payload. By itself, it may look simple or limited, but it is often the first executable step in a staged infection chain. Droppers are common in phishing campaigns because they help attackers deliver a lightweight initial file that then pulls in the real malware, such as a loader, spyware, or ransomware.

Droppers matter because they let attackers split functionality across multiple pieces. That makes detection harder, simplifies updates to the payload, and can delay analysis if defenders only see the first stage. In real attacks, a dropper may arrive through an email attachment, a script, or a document that triggers code execution. Defenders look for suspicious file delivery, unexpected script or process launches, and follow-on network activity. Blocking the dropper early can prevent the later payload from ever running.

← WIKICROOK index