THE article discusses a newly detected loader malware known as GoFlateLoader, which is designed to deliver information-stealing payloads globally. Since April 2026, it has protected over 33,000 users from threats primarily in Brazil, India, and Argentina. GoFlateLoader is notable for its bulk size (between 700-950 MB), allowing it to evade detection by antivirus tools due to their performance optimization against large files. It operates by loading its payload in memory, ensuring it does not touch the disk.
The loader can deliver various infostealers like Amatera, Remus, and Lumma, and spreads through fake cracked software and malicious traffic distribution systems. Detection strategies include vigilance against oversized executables and suspicious software downloads.