
AbSent Loader

Posted: May 19, 2020

AbSent Loader is a malware project that its authors say they developed for educational purposes: their GitHub page states that the project is not meant to be used with harmful intent and should instead serve as an educational tool that helps developers understand how loaders of this type work. Unfortunately, because AbSent Loader's source code is freely available, cybercriminals have not passed up the opportunity to use it in their attacks. AbSent Loader is already actively being used in malware propagation campaigns, where it is often seen playing the role of a first-stage implant that brings more malware to the compromised system.

The Open-Source AbSent Loader Project is Being Abused by Cybercriminals

The AbSent Loader is a fairly basic project, and it is certainly not on the level of the popular commodity Trojan loaders that are sold online. However, it still has the core functionality that cybercriminals need for their attacks: once running, the AbSent Loader could gain persistence on the compromised host and send some information to the Command and Control server. The transmitted data is usually software and hardware information that helps the attackers determine which payload to deliver to their victims. The AbSent Loader is able to work in the background and ping the control server at regular intervals to check whether it has been assigned any new tasks.
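The regular check-ins described above give defenders a timing signal to hunt for. As an added example (not code from the AbSent Loader project or from this page), the sketch below flags host/destination pairs in proxy logs whose request gaps are nearly constant; the log format, host names and thresholds are assumptions, and the sample lines are constructed.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed proxy log lines: timestamp, internal host, destination (not real telemetry).
SAMPLE_LOG = """\
2020-05-19T10:00:00 ws-014 tasks.example.invalid
2020-05-19T10:00:05 ws-014 www.example.org
2020-05-19T10:00:09 ws-014 www.example.org
2020-05-19T10:01:01 ws-014 tasks.example.invalid
2020-05-19T10:02:00 ws-014 tasks.example.invalid
2020-05-19T10:02:40 ws-014 www.example.org
2020-05-19T10:03:02 ws-014 tasks.example.invalid
2020-05-19T10:04:01 ws-014 tasks.example.invalid
2020-05-19T10:05:00 ws-014 tasks.example.invalid
2020-05-19T10:09:13 ws-014 www.example.org
2020-05-19T10:09:20 ws-014 www.example.org
2020-05-19T10:21:47 ws-014 www.example.org
"""

def find_beacons(log_text, min_events=5, max_cv=0.1):
    """Return (host, dest, mean_gap_s, cv) for flows with near-constant request gaps."""
    flows = defaultdict(list)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        ts, src, dst = parts
        flows[(src, dst)].append(datetime.fromisoformat(ts))
    hits = []
    for (src, dst), times in flows.items():
        if len(times) < min_events:
            continue  # too few samples to judge regularity
        times.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Coefficient of variation: low values mean machine-like timing.
        cv = pstdev(gaps) / avg if avg > 0 else float("inf")
        if cv <= max_cv:
            hits.append((src, dst, round(avg), round(cv, 3)))
    return sorted(hits)

if __name__ == "__main__":
    for hit in find_beacons(SAMPLE_LOG):
        print(hit)
```

Legitimate software such as update checkers also polls on a fixed schedule, so hits from this check are leads to triage against known-good destinations rather than verdicts.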

Although AbSent Loader is able to fetch a payload from the remote server, it could also be used to deliver and launch a payload embedded in it, eliminating the need to contact the control server at all. Since the AbSent Loader is a free project, it could be used with virtually any type of malware: Remote Access Trojans, ransomware, infostealers, backdoors and more. It is recommended to protect your network from such threats by using an up-to-date anti-virus solution.
