Mint-Stealer is a Malware-as-a-Service (MaaS) tool designed to stealthily exfiltrate sensitive data from compromised systems. It targets a broad spectrum of data, including web credentials, cryptocurrency wallet details, gaming credentials, VPN configurations, messaging app data, and FTP client information. Employing encryption and obfuscation, Mint-Stealer evades detection while actively stealing data. Distributed through dedicated websites and supported via Telegram, this malware poses a significant threat due to its wide-ranging data theft capabilities and evasion techniques.

The Python-based MaaS malware steals sensitive data from web browsers, cryptocurrency wallets, gaming platforms, VPNs, messaging apps, and FTP clients. It uses anti-analysis techniques, compresses its payload, and exfiltrates stolen data to free file-sharing services before notifying its command and control (C2) server.

[Figure: command and control (C2) server for the stealer]

Distributed through dedicated websites and Telegram, Mint-Stealer poses a significant threat due to its wide data targeting, ease of access, and evasion capabilities.

Mint-Stealer, a sophisticated malware-as-a-service, is actively distributed and managed through multiple online platforms, including dedicated websites and Telegram channels. The threat actors behind Mint-Stealer employ evasion techniques such as encryption, obfuscation, and unrestricted hosting to maintain persistent operations capable of exfiltrating sensitive data. They pose a significant threat because of their continuous adaptation and robust infrastructure, which emphasizes the need for proactive cybersecurity measures.

[Figure: the threat actor's Telegram contact]

The file consists primarily of a heavily compressed resource section and therefore exhibits high entropy and a uniform byte distribution. It runs without administrative privileges, operating with the current user's permissions.
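The high entropy and uniform byte distribution mentioned above are the usual triage signals for a packed or compressed resource section. The following script is an added example (not code from the article or from the malware) that parses a PE section table with the standard library only, computes the Shannon entropy and a chi-square uniformity score per section, and flags sections above a threshold. The two-section PE it analyses is constructed inside the script and is not the Setup.exe sample; the section names, sizes and the 7.0 bits/byte threshold are assumptions chosen for illustration.

```python
"""Per-section entropy triage for a PE image (added example, standard library only).

Assumptions: the header layout follows the published PE/COFF format; the image
built by build_sample_pe() is constructed here and is not the Mint-Stealer binary.
"""
import math
import struct
from collections import Counter


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for a uniform one."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def chi_square(data: bytes) -> float:
    """Chi-square distance from a uniform byte distribution (0.0 = perfectly uniform)."""
    if not data:
        return 0.0
    expected = len(data) / 256
    counts = Counter(data)
    return sum((counts.get(b, 0) - expected) ** 2 / expected for b in range(256))


def pe_sections(image: bytes):
    """Yield (name, raw_offset, raw_size) for each entry in the section table.

    Minimal parser: MZ header -> e_lfanew -> PE signature -> COFF header ->
    skip the optional header -> 40-byte section headers.
    """
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (num_sections,) = struct.unpack_from("<H", image, coff + 2)   # NumberOfSections
    (opt_size,) = struct.unpack_from("<H", image, coff + 16)      # SizeOfOptionalHeader
    table = coff + 20 + opt_size
    for i in range(num_sections):
        hdr = table + 40 * i
        name = image[hdr:hdr + 8].rstrip(b"\0").decode("ascii", "replace")
        raw_size, raw_ptr = struct.unpack_from("<II", image, hdr + 16)  # SizeOfRawData, PointerToRawData
        yield name, raw_ptr, raw_size


def section_entropies(image: bytes) -> dict:
    """Map section name -> entropy of its raw bytes."""
    return {name: shannon_entropy(image[ptr:ptr + size])
            for name, ptr, size in pe_sections(image)}


def flag_packed_sections(image: bytes, threshold: float = 7.0) -> list:
    """Names of sections at or above the threshold; compressed or encrypted
    payloads typically score above 7 bits/byte (threshold is an assumption)."""
    return [name for name, ent in section_entropies(image).items() if ent >= threshold]


def build_sample_pe() -> bytes:
    """Constructed two-section PE: a low-entropy .text and a .rsrc filled with
    uniformly distributed bytes, mimicking a heavily compressed resource section."""
    text_data = b"ABCD" * 64          # 2 bits/byte
    rsrc_data = bytes(range(256))     # 8 bits/byte, perfectly uniform
    e_lfanew = 0x40
    dos = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # COFF header: Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0 here to keep the sample small), Characteristics
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0, 0, 0, 0, 0x102)
    table_start = e_lfanew + 4 + 20
    text_ptr = table_start + 2 * 40
    rsrc_ptr = text_ptr + len(text_data)

    def section(name, vaddr, data, ptr):
        # Name, VirtualSize, VirtualAddress, SizeOfRawData, PointerToRawData,
        # PointerToRelocations, PointerToLinenumbers, NumberOfRelocations,
        # NumberOfLinenumbers, Characteristics
        return struct.pack("<8sIIIIIIHHI", name, len(data), vaddr, len(data), ptr,
                           0, 0, 0, 0, 0x40000040)

    headers = (section(b".text", 0x1000, text_data, text_ptr)
               + section(b".rsrc", 0x2000, rsrc_data, rsrc_ptr))
    return dos + coff + headers + text_data + rsrc_data


SAMPLE_PE = build_sample_pe()

if __name__ == "__main__":
    for name, ent in section_entropies(SAMPLE_PE).items():
        print(f"{name:8s} entropy={ent:.2f}")
    print("flagged:", flag_packed_sections(SAMPLE_PE))
```

Run against a real file, the same functions take `open(path, "rb").read()` in place of `SAMPLE_PE`; a resource section scoring near 8 bits/byte with a chi-square close to zero is consistent with the compressed payload the article describes, but it is a triage signal, not proof of malice, since legitimate installers also carry compressed resources.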
Setup.exe extracts a payload from its resource section and creates a temporary directory whose name combines 'onefile', the process ID, and the system time. It then writes a new executable, vadimloader.exe, into this directory, populating it with the extracted payload.

[Figure: next-stage payload]

Setup.exe also drops supporting files, including Python modules, DLLs, and CA certificates, into the same directory.
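The drop-then-execute sequence above (an executable written into a freshly created 'onefile' temp directory alongside Python modules, DLLs and CA certificates, then launched from there) is a behaviour a defender can hunt for in file-write and process-creation telemetry. The script below is an added example, not the article's or the malware's code. It assumes events arrive as constructed `timestamp|type|pid|path` lines, and it assumes the directory is named `onefile_<pid>_<time>`; the article only says the name combines those three parts, so the exact separators and order are an assumption. The file names other than vadimloader.exe are constructed.

```python
"""Detect a next-stage executable dropped into and run from an 'onefile'
temp directory (added example, standard library only).

Assumptions: events are 'timestamp|type|pid|path' lines with type 'write' or
'exec'; the directory pattern onefile_<pid>_<time> is an assumed encoding of
the 'onefile' + PID + system time combination the article describes. Every
event below is constructed.
"""
import re
from collections import defaultdict

ONEFILE_DIR = re.compile(r"[\\/](onefile_\d+_\d+)[\\/]", re.IGNORECASE)  # assumed pattern
SUPPORT_EXT = (".pyd", ".dll", ".pem")   # Python modules, DLLs, CA bundles

SAMPLE_EVENTS = [  # constructed telemetry
    r"2024-01-01T10:00:00|write|4120|C:\Users\victim\AppData\Local\Temp\onefile_4120_1704103200\vadimloader.exe",
    r"2024-01-01T10:00:01|write|4120|C:\Users\victim\AppData\Local\Temp\onefile_4120_1704103200\python3.dll",
    r"2024-01-01T10:00:01|write|4120|C:\Users\victim\AppData\Local\Temp\onefile_4120_1704103200\_ssl.pyd",
    r"2024-01-01T10:00:01|write|4120|C:\Users\victim\AppData\Local\Temp\onefile_4120_1704103200\cacert.pem",
    r"2024-01-01T10:00:02|exec|4120|C:\Users\victim\AppData\Local\Temp\onefile_4120_1704103200\vadimloader.exe",
    r"2024-01-01T10:05:00|write|900|C:\Users\victim\Downloads\report.pdf",
]


def parse_event(line: str) -> dict:
    """Split one constructed 'ts|type|pid|path' line into a dict."""
    ts, etype, pid, path = line.split("|", 3)
    return {"ts": ts, "type": etype, "pid": int(pid), "path": path}


def onefile_dir(path: str):
    """Return the lower-cased onefile directory name found in path, or None."""
    m = ONEFILE_DIR.search(path)
    return m.group(1).lower() if m else None


def detect(lines) -> list:
    """Alert when an .exe is written into a onefile temp directory and later
    executed from it; report the number of supporting files dropped with it
    and whether the PID embedded in the directory name matches the writer."""
    by_dir = defaultdict(lambda: {"write": [], "exec": []})
    for line in lines:
        ev = parse_event(line)
        d = onefile_dir(ev["path"])
        if d is None or ev["type"] not in ("write", "exec"):
            continue
        by_dir[d][ev["type"]].append(ev)

    alerts = []
    for d, evs in by_dir.items():
        written_exes = {e["path"].lower() for e in evs["write"]
                        if e["path"].lower().endswith(".exe")}
        executed = [e for e in evs["exec"] if e["path"].lower() in written_exes]
        if not executed:
            continue
        support = [e["path"] for e in evs["write"]
                   if e["path"].lower().endswith(SUPPORT_EXT)]
        name_pid = int(d.split("_")[1])          # the <pid> part of onefile_<pid>_<time>
        alerts.append({
            "dir": d,
            "exe": executed[0]["path"],
            "pid": executed[0]["pid"],
            "support_files": len(support),
            "pid_in_name_matches": any(e["pid"] == name_pid for e in evs["write"]),
        })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Feeding real EDR or Sysmon file-create and process-create events through `parse_event` only requires mapping their fields onto the same four-tuple; the `pid_in_name_matches` flag is what ties the directory name back to the dropper process the article describes, which ordinary installers using a similar temp layout will also trigger, so treat the alert as a hunting lead rather than a verdict.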
Source: GBHackers