Loader

Malware whose job is to gain a foothold and pull down further payloads — the delivery layer that precedes ransomware and espionage.

A loader (or downloader) is malware built to establish initial access and then fetch and run additional payloads. Loaders are the delivery layer of the modern crime ecosystem: they sell footholds to other operators and stage post-exploitation tools, infostealers and ransomware.

The access economy

Loaders like Bumblebee and BazarLoader replaced older delivery malware as crews professionalised. Many "banking trojans" — Emotet, TrickBot, QakBot — are really loaders now, valued for the access they sell rather than the fraud they commit.

Detection

Catch loaders early: they're the cheapest point to break the kill chain before ransomware lands. Watch for suspicious child processes, LOLBins and beaconing from freshly delivered documents.
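The correlation described above, as an added example that is not part of the original page: it flags a document-handling application spawning a LOLBin, then checks that process tree for near-periodic outbound connections. The process-name lists, event field names, thresholds and sample telemetry are assumptions constructed for illustration.

```python
from statistics import mean, pstdev

# Assumed name lists for illustration; tune both to your environment.
DOC_PARENTS = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe", "onenote.exe"}
LOLBINS = {"powershell.exe", "cmd.exe", "wscript.exe", "cscript.exe", "mshta.exe",
           "rundll32.exe", "regsvr32.exe", "certutil.exe", "bitsadmin.exe"}

def base(path):
    return path.replace("\\", "/").rsplit("/", 1)[-1].lower()

def suspicious_children(proc_events):
    """Process-creation events where a document-handling app spawned a LOLBin."""
    return [e for e in proc_events
            if base(e["parent"]) in DOC_PARENTS and base(e["image"]) in LOLBINS]

def descendants(proc_events, root_pid):
    """PIDs in the tree under root_pid (events in time order, PID reuse ignored)."""
    pids = {root_pid}
    for e in proc_events:
        if e["ppid"] in pids:
            pids.add(e["pid"])
    return pids

def is_beaconing(times, min_conns=4, max_jitter=0.2):
    """True when connection intervals are near-constant (low coefficient of variation)."""
    gaps = [b - a for a, b in zip(times, times[1:])]
    return (len(times) >= min_conns and mean(gaps) > 0
            and pstdev(gaps) / mean(gaps) <= max_jitter)

def detect(proc_events, net_events):
    """Correlate document -> LOLBin spawns with periodic traffic from that tree."""
    alerts = []
    for hit in suspicious_children(proc_events):
        tree = descendants(proc_events, hit["pid"])
        by_dest = {}
        for n in net_events:
            if n["pid"] in tree and n["ts"] >= hit["ts"]:
                by_dest.setdefault(n["dest"], []).append(n["ts"])
        beacons = sorted(d for d, ts in by_dest.items() if is_beaconing(sorted(ts)))
        alerts.append({"pid": hit["pid"], "image": base(hit["image"]), "beacons": beacons})
    return alerts

# Constructed sample telemetry (not real data); timestamps are seconds.
WORD, SHELL = r"C:\Office\WINWORD.EXE", r"C:\Windows\explorer.exe"
PROC = [{"ts": 0, "pid": 100, "ppid": 1, "parent": SHELL, "image": WORD},
        {"ts": 5, "pid": 200, "ppid": 100, "parent": WORD, "image": r"C:\Windows\System32\rundll32.exe"},
        {"ts": 6, "pid": 300, "ppid": 1, "parent": SHELL, "image": r"C:\Apps\chrome.exe"}]
NET = ([{"ts": t, "pid": 200, "dest": "203.0.113.10:443"} for t in (10, 70, 131, 190, 250)]
       + [{"ts": t, "pid": 300, "dest": "198.51.100.7:443"} for t in (12, 15, 90)])
```

An alert with an empty `beacons` list is still worth triage: the spawn alone is the earlier signal, and the beacon check only adds confidence once enough connections have been seen.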

Malware in this category