Threat Intelligence Report

Lost in relocation: analysis of a new loader distributing CASTLESTEALER

📅 June 18, 2026 📰 www.elastic.co 🔍 0 CVE(s) referenced

A newly discovered, highly evasive Windows loader dubbed OXLOADER is distributing the CASTLESTEALER infostealer via malicious Google Ads, leveraging advanced obfuscation, anti-analysis checks, and abuse of the .reloc section to bypass detection and deliver payloads in-memory.

vendor

🔐 Sign In to Read Full Report

You'll need to accept our Terms of Service to access the platform.

📊 Visual Mindmap

🎯 IOC Extraction

⚔️ MITRE ATT&CK TTPs

📦 STIX 2.1 Bundle