Elastic Security Labs' Salim Bitam noted that Ghostpulse is often used in campaigns as a loader for more dangerous types of malware such as the Lumma infostealer, and that the latest change makes it ...
The Latrodectus malware loader stepped in to fill the void left by the disruption of major malware distribution botnets such as IcedID. Here’s how it’s being used and how it operates.