AresLoader Masquerades as Citrix Project to Drop Multiple Payloads


Researchers have identified a new variant of AresLoader that is being used to distribute several malware families, including IcedID, Aurora Stealer, and Laplas Clipper. The loader is disguised as a legitimate Citrix project, a lure aimed at Citrix users.

AresLoader first surfaced in 2022, when it was advertised on numerous cybercrime forums and Telegram channels. It is a 32-bit, multi-stage loader written in C, attributed to the same criminals behind the AiD Locker malware, and it is sold on a monthly subscription basis.

