The downloader has been detailed by cybersecurity researchers at HP Wolf Security, who've called it RATDispenser.
SEE: A winning strategy for cybersecurity (ZDNet special report)
Once installed, RATDispenser is used to distribute a range of different malware, including trojans, keyloggers and information stealers, all designed to steal sensitive data from the user.
The most frequently distributed malware downloads are STRRAT and WSHRAT, which account for four in five of the analysed samples. But other forms of malware RATDispenser have been distributed, including invasive information stealers such as Adwind, Formbook, Remcos, Panda Stealer, GuLoader and Ratty.
Some of these trojans, like Panda Stealer, are relatively new, having only been discovered this year, while others, such as WSHRAT, have been active for many years.
At the time the research was published, RATDispender was only detected by one in 10 available anti-virus engines.
"It's particularly concerning to see RATDispenser only being detected by about 11% of antivirus systems, resulting in this stealthy malware successfully deploying on victims' endpoints in most cases," said Patrick Schlapfer, malware analyst at HP.
"RATs and keyloggers pose a silent threat, helping attackers to gain backdoor access to infected computers and steal credentials from business accounts or even cryptocurrency wallets. From here, cyber criminals can siphon off sensitive data, escalate their access, and in some cases sell this access on to ransomware groups," he added.