GoFlateLoader Uses Massive PE Overlay to Deliver Lumma, Vidar, and StealC Infostealers
ID: ad07b0fc-6ce5-587c-8d7d-53a799510c4c
STIX ID: report--ad07b0fc-6ce5-587c-8d7d-53a799510c4c
Feed Name: cybersecurityNews.com
GoFlateLoader is a loader written in Go, observed since April 2026. It evades file scanning by appending massive PE overlays (700–950 MB) so that samples exceed analysis platform limits. It delivers in-memory information-stealer payloads (Amatera, Remus, Lumma, Vidar, StealC, SvitStealer) via fake cracked software and malicious redirects. The report includes multiple SHA-256 indicators tied to archives and variants.
