Malware, Threat Intelligence

GhostWeaver backdoor deployed using MintsLoader malware

Malicious actors have used the MintsLoader malware loader to distribute the new GhostWeaver backdoor in an attack campaign that involved phishing and the ClickFix technique, Cyber Security News reports.

Intrusions begin with phishing emails that deliver MintsLoader, which in turn loads an obfuscated PowerShell script. That script connects to a command-and-control (C2) server whose domains are produced by a domain generation algorithm (DGA), so that blocklisting any single domain does not sever the channel, according to a report from Recorded Future's Insikt Group.

Once the script has reached its C2 server, GhostWeaver is executed. The backdoor establishes persistence through registry modifications and scheduled tasks, and also targets endpoint security tools by manipulating Windows Management Instrumentation (WMI) objects, the researchers said.

To counter the campaign, organizations were advised to adopt application allowlisting, keep endpoint security tooling up to date, disable Office macros, and strengthen employee awareness of increasingly sophisticated social engineering tactics.
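The DGA detail above is the part a defender can act on: a blocklist of yesterday's C2 domains does not stop today's. As an added example that is not from the article, Recorded Future, or the MintsLoader/GhostWeaver samples, and that does not reproduce the real DGA (the article does not describe its algorithm), the following Python hunts DNS query logs for DGA-like lookups using lexical heuristics plus a per-host threshold. The log format, host names and domains are constructed for illustration; the thresholds are assumptions to tune against your own baseline.

```python
"""Heuristic hunt for DGA-like C2 domains in DNS query logs.

Added example for this article. It is not code from Recorded Future, the Insikt
Group or any malware author, and it does not implement MintsLoader's real DGA.
It demonstrates the lexical/behavioural approach that catches DGA traffic where
a static domain blocklist cannot.
"""
import math
import re
from collections import Counter, defaultdict

# Constructed sample log lines (not real telemetry). One query per line.
SAMPLE_DNS_LOG = """\
2024-05-01T10:00:01Z host=WS-014 qtype=A qname=www.microsoft.com
2024-05-01T10:00:03Z host=WS-014 qtype=A qname=update.googleapis.com
2024-05-01T10:00:09Z host=WS-014 qtype=A qname=xk7qz2pw9vb4rn.top
2024-05-01T10:00:10Z host=WS-014 qtype=A qname=q3hv8ztlmc5xw2k.xyz
2024-05-01T10:00:12Z host=WS-014 qtype=A qname=login.live.com
2024-05-01T10:00:15Z host=WS-014 qtype=A qname=pzx4gk92tbvnq.top
2024-05-01T10:00:16Z host=WS-022 qtype=A qname=mail.example.org
"""

# Assumed log layout: "... host=<name> qtype=<type> qname=<fqdn>".
LOG_RE = re.compile(r"host=(\S+)\s+qtype=\S+\s+qname=(\S+)")
VOWELS = set("aeiou")


def registrable_label(qname: str) -> str:
    """Label left of the TLD (naive split; production code would use a
    public-suffix list so that e.g. example.co.uk yields 'example')."""
    parts = qname.lower().rstrip(".").split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character; random-looking labels score high."""
    n = len(s)
    if n == 0:
        return 0.0
    return -sum(c / n * math.log2(c / n) for c in Counter(s).values())


def dga_features(label: str) -> dict:
    """Four lexical signals typical of algorithmically generated labels.
    Thresholds are assumptions chosen for this example, not published values."""
    letters = [ch for ch in label if ch.isalpha()]
    digits = sum(ch.isdigit() for ch in label)
    # All-digit labels (e.g. IP-like names) get ratio 1.0 so they are not flagged.
    vowel_ratio = (sum(ch in VOWELS for ch in letters) / len(letters)) if letters else 1.0
    return {
        "high_entropy": shannon_entropy(label) > 3.5,
        "few_vowels": vowel_ratio < 0.25,
        "digits_mixed": digits >= 2 and bool(letters),
        "long": len(label) >= 12,
    }


def dga_score(label: str) -> int:
    """Number of DGA signals present (0..4)."""
    return sum(dga_features(label).values())


def is_dga_like(label: str, threshold: int = 3) -> bool:
    return dga_score(label) >= threshold


def hunt(log_text: str, min_hits: int = 2) -> dict:
    """Return {host: sorted distinct DGA-like qnames} for hosts with >= min_hits.
    A DGA client queries many such names in a short window; requiring several
    hits per host suppresses the odd legitimate CDN or tracking name."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        m = LOG_RE.search(line)
        if not m:
            continue
        host, qname = m.groups()
        if is_dga_like(registrable_label(qname)):
            hits[host].add(qname.lower())
    return {h: sorted(d) for h, d in hits.items() if len(d) >= min_hits}


if __name__ == "__main__":
    for host, domains in hunt(SAMPLE_DNS_LOG).items():
        print(f"{host}: {len(domains)} DGA-like lookups -> {', '.join(domains)}")
```

On the constructed log, WS-014 is flagged for three lookups while the ordinary Microsoft, Google and Live names score zero signals. In a real deployment, pair the lexical score with NXDOMAIN bursts (DGA clients typically query many unregistered names before hitting a live one) and an allowlist of known-good high-entropy domains, and treat a flagged host as a pivot point to check for the registry Run keys and scheduled tasks the article attributes to GhostWeaver.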

