Olymp Loader: A new Malware-as-a-Service written in Assembly
ID: e4193475-0b1b-57ce-8492-d809e3536b93
STIX ID: report--e4193475-0b1b-57ce-8492-d809e3536b93
Feed Name: Outpost24 Blog
Olymp Loader is a commercially offered Malware-as-a-Service promoted by the actor "OLYMPO" since June 2025. It is marketed as an assembly-written, FUD (fully undetectable) loader/crypter with built-in stealer modules (browser, Telegram, crypto wallets), Defender-evasion features (exclusions, Defender removal), code signing, deep XOR obfuscation, and support for multiple payload types. The report documents distribution vectors (including abused GitHub releases and socially engineered installers), observed post-infection payloads (LummaC2, WebRAT/SalatStealer, QasarRAT, Raccoon), technical behaviors, TTP mappings, and a set of IOCs (download URLs and file hashes).
