Latrodectus, also known as BlackWidow, is a sophisticated malware loader distributed through phishing campaigns. It serves as a replacement for IcedID and is heavily used by threat actors such as TA577 and TA578. Latrodectus acts as a backdoor, enabling remote control of infected systems. The initial module delivered to victims is responsible for downloading and installing subsequent payload stages, along with other malware families. Latrodectus uses various evasion techniques, including sandbox detection and RC4 encryption of its communication over HTTP. The malware has also been observed distributed under the guise of legitimate third-party DLLs, suggesting potential distribution through malvertising and SEO poisoning. Its sophisticated functionality and extensive use by threat actors make Latrodectus a significant cybersecurity threat.