
MintsLoader

According to Orange Cyberdefense, MintsLoader is a little-known, multi-stage malware loader that has been used since at least February 2023.

MintsLoader is a JavaScript loader.

Background

Orange Cyberdefense reports that MintsLoader is an obscure, multi-stage malware loader active since at least February 2023, with broad distribution campaigns seen from July through October 2024. Its name derives from a distinctive URL parameter pattern, "1.php?s=mintsXX" (where XX is a number).

The loader mainly delivers RAT or infostealer payloads such as AsyncRAT and Vidar via phishing emails, targeting European organizations in countries such as Spain, Italy, and Poland. Written in JavaScript and PowerShell, MintsLoader runs a multi-step infection chain that spans numerous URLs and domains, most of them generated by a domain generation algorithm (DGA) under the .top TLD.
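As an added example (not code from Orange Cyberdefense or Malpedia), the following Python scan flags web-proxy log lines whose request matches the `1.php?s=mintsXX` pattern described above and notes whether the host sits under the `.top` TLD. It generalizes the numeric suffix to any run of digits; the log format and all sample lines are constructed for this example, not real observations.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request pattern named in the write-up: "1.php?s=mintsXX", XX numeric.
MINTS_RE = re.compile(r"^mints\d+$")


def is_mints_request(url: str) -> bool:
    """True if the URL path ends in 1.php and its 's' parameter is mints<number>."""
    parts = urlsplit(url)
    if not parts.path.endswith("/1.php"):
        return False
    query = parse_qs(parts.query)
    return any(MINTS_RE.fullmatch(value) for value in query.get("s", []))


def host_tld(url: str) -> str:
    """Lowercase last label of the URL host ('' if the host has no dot)."""
    host = urlsplit(url).hostname or ""
    return host.rsplit(".", 1)[-1].lower() if "." in host else ""


def scan_proxy_log(lines):
    """Return (line_no, url, on_top_tld) for each matching line.

    Assumed (constructed) format: space-separated fields with the
    request URL in the third field."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        fields = line.split()
        if len(fields) < 3:
            continue
        url = fields[2]
        if is_mints_request(url):
            hits.append((line_no, url, host_tld(url) == "top"))
    return hits


# Constructed sample log lines; hosts are placeholders, not indicators.
SAMPLE_LOG = [
    "2024-09-03T10:02:11Z 10.0.0.5 http://example.com/index.html 200",
    "2024-09-03T10:02:40Z 10.0.0.5 http://abcdxyz.top/1.php?s=mints13 200",
    "2024-09-03T10:03:02Z 10.0.0.7 https://files.example.org/1.php?s=update 200",
    "2024-09-03T10:03:19Z 10.0.0.9 http://qwertyuiop.example/1.php?s=mints7&v=2 200",
]

if __name__ == "__main__":
    for line_no, url, on_top in scan_proxy_log(SAMPLE_LOG):
        print(f"line {line_no}: {url} (.top TLD: {on_top})")
```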


Source: Malpedia (Fraunhofer FKIE).