BaoLoader (Malware Family)

SYMBOL	COMMON_NAME	aka. SYNONYMS

win.baoloader (Back to overview)

BaoLoader

According to Expel, the developers behind the recent AppSuite-PDF and PDF Editor campaigns have used at least 26 code-signing certificates over the last seven years to make their software appear legitimate. Due to different use of and certificate clustering, the malware is believed different from both Chromeloader and TamperedChef.

References

2025-09-11 ⋅ Expel ⋅ AARON WALTON, Cert Central
The history of AppSuite: the certs of the BaoLoader developer
BaoLoader

There is no Yara-Signature yet.

BaoLoader Propose Change

References

BaoLoader