Analysis of CustomerLoader, a new widespread loader discovered by Sekoia.io 🕵️

Sekoia.io analysts identified an undocumented .NET loader designed to download, decrypt and execute next-stage payloads. In early June 2023, this new loader was actively distributed by multiple threat actors using malicious phishing emails, YouTube videos and web pages impersonating legitimate websites.

We analysed CustomerLoader in depth and shared the results of our investigation in FLINT 2023-029 (CustomerLoader: a new malware distributing a wide variety of payloads). The report presents a technical analysis of CustomerLoader, an overview of more than 30 known malware families it distributes, and details on three infection chains observed distributing the loader.

Related resources:

* [FLINT 2023-029 - CustomerLoader: a new malware distributing a wide variety of payloads](https://app.sekoia.io/intelligence/objects/report--c39526f0-8f47-42c0-9f51-2b4c51974ce0)
* [CustomerLoader malware page](https://app.sekoia.io/intelligence/objects/malware--98a371e9-b394-4fa0-9231-3846017ffcef)