VERY IMPORTANT

TransferLoader is a newly identified malware loader active since February 2025. It comprises multiple components including a downloader, backdoor, and specialized loader. The malware employs various anti-analysis techniques and code obfuscation to hinder reverse engineering. TransferLoader has been observed delivering Morpheus ransomware. Its backdoor module enables execution of arbitrary commands on compromised systems and uses the InterPlanetary File System as a fallback for C2 server updates. The malware utilizes both HTTPS and raw TCP communication methods, with a unique encryption process for network packets. TransferLoader's consistent use in deploying additional payloads suggests it will continue to be a threat in future attacks.