win.baoloader

BaoLoader


According to Expel, the developers behind the recent AppSuite-PDF and PDF Editor campaigns have used at least 26 code-signing certificates over the last seven years to make their software appear legitimate. Due to differences in use and certificate clustering, the malware is believed to be different from both Chromeloader and TamperedChef.

References
2025-09-11, Expel, AARON WALTON, Cert Central
The history of AppSuite: the certs of the BaoLoader developer
BaoLoader

There is no Yara-Signature yet.