According to a report by Cisco Talos, the attackers use phishing emails disguised as financial transactions or order confirmations, often impersonating banks and logistics companies.
Hidden text salting has not only been used to evade spam filters' keyword detection capabilities as shown in separate phishing attacks impersonating Wells Fargo and Norton LifeLock but also to dupe the language detection module of Microsoft and circumvent security filters.
Oil and gas, electricity, and legal services organizations in the U.S. and Europe have been targeted with spam emails containing links that download MintsLoader either through a JavaScript file or Windows Run prompt as part of a campaign underway since earlier this month, a report from eSentire showed.