A dropper[1][2] is a Trojan horse that has been designed to install malware (such as viruses and backdoors) onto a computer. The malware within the dropper can be packaged to evade detection by antivirus software. Alternatively, the dropper may download malware to the target computer once activated.
Droppers can be categorized into two types: persistent and non-persistent. Persistent droppers conceal themselves on the device and alter system registry keys. This concealment allows them to reinstall the malware during a reboot, even if it was previously removed. Non-persistent droppers are considered less dangerous, as they remove themselves from the system after executing their payload. Thus, once the malware is removed, it cannot reinstall itself.[3]
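A defensive check for the registry-based persistence described above, as an added example that is not taken from the cited sources: it parses `reg query`-style output for the Windows `Run` autostart keys and flags entries that deserve review. The choice of the `Run` keys, the sample entries and the two heuristics are assumptions made for illustration.

```python
import re

# Constructed sample in the layout printed by `reg query <key>`; every entry is made up.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    SecurityHealth    REG_EXPAND_SZ    %windir%\system32\SecurityHealthSystray.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    OneDrive    REG_SZ    "C:\Program Files\Microsoft OneDrive\OneDrive.exe" /background
    Updater    REG_SZ    C:\Users\alice\AppData\Local\Temp\upd8.exe
    Sync Helper    REG_SZ    wscript.exe "C:\Users\Public\sync.vbs"
"""

# A value line is indented four spaces: name, type and data separated by four spaces.
VALUE_LINE = re.compile(r"^\s{4}(?P<name>.+?)\s{4}(?P<type>REG_\w+)\s{4}(?P<data>.*)$")

# Assumed triage heuristics (not from the article): autoruns that start from
# user-writable locations, or through a script host / proxy binary, get reviewed.
USER_WRITABLE = re.compile(
    r"\\(appdata|temp|users\\public|programdata)\\|%(temp|appdata|localappdata)%", re.I)
SCRIPT_HOST = re.compile(
    r"\b(wscript|cscript|mshta|powershell|rundll32|regsvr32)(\.exe)?\b", re.I)

def parse_reg_query(text):
    """Yield (key, value_name, value_type, data) for each value under each key."""
    key = None
    for line in text.splitlines():
        if line.startswith("HKEY_"):
            key = line.strip()
        elif key and (m := VALUE_LINE.match(line)):
            yield key, m["name"], m["type"], m["data"]

def suspicious_autoruns(text):
    """Return (key, name, data, reasons) for autorun entries matching a heuristic."""
    findings = []
    for key, name, _type, data in parse_reg_query(text):
        reasons = []
        if USER_WRITABLE.search(data):
            reasons.append("target in user-writable directory")
        if SCRIPT_HOST.search(data):
            reasons.append("launched through a script host or proxy binary")
        if reasons:
            findings.append((key, name, data, reasons))
    return findings

if __name__ == "__main__":
    for key, name, data, reasons in suspicious_autoruns(SAMPLE):
        print(f"{key}\\{name}: {data}  <- {'; '.join(reasons)}")
```

A flagged entry is a lead for investigation rather than a verdict, since legitimate software also starts from per-user directories.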
Trojan horses operate by masquerading as legitimate programs, requiring user interaction to execute. They unpack and load malicious code into the computer's memory, then install malicious software (malware).[4]
Precautions can be taken to prevent infection from malware droppers, such as not opening links from unknown sources and downloading software only from known, verified distributors such as the Microsoft Store or the Apple App Store. A firewall can also block traffic from unverified sources.[3]
Droppers can also target mobile devices. For instance, a user might download an application via a text message link, which leads to the device being infected with malware. An example of a Trojan dropper created for mobile devices is the Sharkbot dropper.[5][6] It facilitates unauthorized financial transactions by exploiting the Automatic Transfer Service (ATS), allowing attackers to siphon funds from mobile banking applications. This type of malware typically enters devices through sideloading, bypassing official app stores.[6]