Which type of malware connects to the internet to retrieve additional tools?

The choice of downloader as the correct answer is based on its specific function within the malware ecosystem. A downloader is a type of malware designed to connect to the internet in order to retrieve additional malicious components or payloads. This means that once the downloader is executed on a victim’s system, it establishes a connection to a remote server to download more sophisticated malware or tools that can be used for various malicious purposes, such as stealing information, installing additional malware, or taking control of the system.

In contrast, shellcode refers to a set of instructions used as a payload in the exploitation of software vulnerabilities, and it typically does not have the capability to connect to the internet for further downloads. Exploit techniques encompass methods used to leverage vulnerabilities in software to gain unauthorized access or control over systems. While they are crucial for malware attacks, they do not inherently involve downloading additional tools. An Easter egg, often found in software, is typically a hidden feature or message, and has no malicious intent or functionality related to connecting for additional tools. Thus, the downloader stands out as the clear choice due to its specific role in facilitating internet connections to enhance its malicious capabilities.