Mint Stealer: New MaaS Malware Threatens Confidential Data
Experts from Cyfirma have released a report on the malware Mint Stealer, which operates under the “Malware-as-a-Service” (MaaS) model. This malware specializes in stealing confidential data and employs advanced techniques to bypass security measures.
Mint Stealer targets a wide range of data, including information from web browsers, cryptocurrency wallets, gaming credentials, VPN clients, messengers, and FTP clients. To conceal its activities, the malware uses encryption and obfuscation.
Mint Stealer is sold on specialized websites, with user support provided through Telegram. The malware container acts as a “dropper,” delivering the primary malicious code in a compressed form.
Stages of Mint Stealer operation:
- The malware extracts the payload from its resource section and creates temporary files on the user’s system.
- It then executes the loaded files and prepares for data collection.
- The final stage involves gathering information, including data from browsers, wallets, games, VPNs, messengers, and FTP clients.
Mint Stealer collects data from various applications, including browsers (Opera, Firefox, Edge), cryptocurrency wallets (Exodus, Electrum), gaming accounts (Battle.net, Minecraft), VPN clients (Proton VPN), and messengers (Skype, Telegram). It also gathers system information and monitors the clipboard.
After data collection, the malware creates an archive and uploads it to free file-sharing websites. The URL of the uploaded file is sent to the malware’s command server. Notably, the data transfer to the server occurs through an unsecured connection.
Mint Stealer poses a significant threat to cybersecurity due to its capability to steal a broad spectrum of data and evade detection. The malware is actively sold on specialized websites and receives updates to circumvent antivirus programs.
To protect against Mint Stealer, it is recommended to:
- Avoid opening files from unverified sources.
- Use reliable antivirus software.
- Regularly update all software.
- Be vigilant against potential social engineering attacks.
These measures will help mitigate the risk of infection and safeguard important data from theft.
