Dropper
Definition
# What is a Dropper in Cybersecurity?

In cybersecurity, a **dropper** is a type of **malware installer**. It’s a small, often seemingly harmless program whose main job is **to “drop” (deliver and install)** another, usually more harmful, piece of malware onto a victim’s system.

## How It Works

1. **Initial Delivery** – The dropper gets onto the target system, often through phishing emails, malicious attachments, drive-by downloads, or USB devices.
2. **Payload Retrieval** – Once running, the dropper downloads or unpacks the *real* malicious payload (like ransomware, spyware, or a remote access trojan).
3. **Execution** – The dropper installs and runs the payload, sometimes deleting itself afterward to avoid detection.

## Key Points

- **Purpose**: Get the “main” malware in place while evading early detection.
- **Stealth**: Droppers are often small and designed to bypass antivirus scans by not carrying obvious malicious code until the payload is fetched.
- **Types**:
  - **Downloaders** – Fetch the payload from the internet after execution.
  - **Embedded Droppers** – Already contain the payload in compressed or encrypted form.

> 💡 Think of a dropper as a **Trojan delivery truck** — the truck itself isn’t the main danger, but it’s bringing something dangerous inside.

## Further Reading

- [CISA – Malware](https://www.cisa.gov/news-events/news/understanding-malware) – Overview of different malware types, including droppers.
- [MITRE ATT&CK – Ingress Tool Transfer](https://attack.mitre.org/techniques/T1105/) – Explains how malicious tools (like droppers) transfer payloads.
- [Kaspersky – What is a Trojan Dropper?](https://usa.kaspersky.com/resource-center/threats/trojan-dropper) – Detailed look at Trojan droppers and how they work.
- [ESET – The Role of Droppers in Malware Campaigns](https://www.welivesecurity.com) – Insights from real-world cases (search “dropper” on the site).
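
The stages under "How It Works" leave a trail a blue team can correlate: a process writes an executable, launches it as its own child, and the dropper file may then disappear. The detection sketch below is an added example, not part of the original glossary entry; the event schema, paths, process names and the 60-second window are all constructed assumptions.

```python
from collections import namedtuple

# Constructed sample telemetry in a hypothetical schema (not a real EDR format).
Event = namedtuple("Event", "ts kind pid ppid image target")
DL = r"C:\Users\amy\Downloads"
TMP = r"C:\Users\amy\AppData\Local\Temp"
EVENTS = [
    Event(100, "process_create", 4100, 3000, DL + r"\invoice_viewer.exe", None),
    Event(102, "network_connect", 4100, 3000, DL + r"\invoice_viewer.exe", "203.0.113.7:443"),
    Event(105, "file_create", 4100, 3000, DL + r"\invoice_viewer.exe", TMP + r"\svc_update.exe"),
    Event(107, "process_create", 4188, 4100, TMP + r"\svc_update.exe", None),
    Event(109, "file_delete", 4188, 4100, TMP + r"\svc_update.exe", DL + r"\invoice_viewer.exe"),
    # Benign: the browser saves a file, but the user's shell (pid 3000) launches it.
    Event(200, "process_create", 5000, 3000, r"C:\Program Files\Browser\browser.exe", None),
    Event(205, "file_create", 5000, 3000, r"C:\Program Files\Browser\browser.exe", DL + r"\setup.exe"),
    Event(300, "process_create", 5200, 3000, DL + r"\setup.exe", None),
]
EXEC_EXT = (".exe", ".dll", ".scr")

def find_drop_and_execute(events, window=60):
    """Flag processes that write an executable and launch it within `window` seconds."""
    images, wrote, net_pids, findings = {}, {}, set(), []
    for e in sorted(events, key=lambda ev: ev.ts):
        if e.kind == "network_connect":
            net_pids.add(e.pid)
        elif e.kind == "file_create" and e.target.lower().endswith(EXEC_EXT):
            # Remember who wrote the file and whether they had connected out first.
            wrote[e.target.lower()] = (e.pid, e.ts, e.pid in net_pids)
        elif e.kind == "process_create":
            images[e.pid] = e.image
            w = wrote.get(e.image.lower())
            # Core signal: the parent of the new process is the one that wrote its image.
            if w and w[0] == e.ppid and e.ts - w[1] <= window:
                findings.append({
                    "dropper": images.get(e.ppid, "unknown"),
                    "payload": e.image,
                    "variant": "downloader" if w[2] else "embedded",
                    "dropper_deleted": False,
                })
        elif e.kind == "file_delete":
            # Step 3: the dropper's own file is removed after the payload runs.
            for f in findings:
                if f["dropper"].lower() == e.target.lower():
                    f["dropper_deleted"] = True
    return findings

if __name__ == "__main__":
    for finding in find_drop_and_execute(EVENTS):
        print(finding)
```

Legitimate installers and updaters also write and launch executables, so in practice this signal is combined with signer and path allow-listing.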