Olymp Loader: A new Malware-as-a-Service written in Assembly
Essential information
- Published
- 29/09/2025 08:06
- Modified
- 29/09/2025 08:58
- Tags
- 2025-09-29 amadey assembly crypter evasion techniques loader lummac2 malware-as-a-service olymp loader qasarrat raccoon stealer telegram underground forums webrat
- Related entities
- 19 observables, 1 intrusion sets (apt), 15 techniques (mitre), 6 malware
Description
Olymp Loader is a recently emerged Malware-as-a-Service offering advertised on underground forums since June 2025. Developed by a team called OLYMPO, it's written in assembly language and marketed as fully undetectable. The loader executes other malware on victim systems and provides built-in stealer modules for browsers, Telegram, and crypto wallets. It enables rapid feature updates and fast adoption by cybercriminals. The malware has evolved from an initial botnet concept to focus on loader and crypter functionalities. Distribution methods include disguising as legitimate software and using other malware like Amadey as initial access. Post-infection payloads primarily include credential stealers and remote access tools.