Intel Name: PhantomVAI Loader delivers a range of infostealers
Date of Scan: October 16, 2025
Impact: High
Summary: PhantomVAI Loader is a stealthy, multi-stage loader propagated via phishing that uses obfuscated scripts and steganography to hide payloads. Originally called Katz Stealer Loader for delivering Katz Stealer, it has evolved to deliver multiple infostealers (including Katz, AsyncRAT, XWorm, FormBook and DCRat) and is offered as malware-as-a-service. Campaigns target organizations worldwide across sectors such as manufacturing, education, utilities, technology, healthcare, information, and government.