RE: https://infosec.exchange/@netresec/115905237000922504
This malicious finger service on `64.190.113.206` (AS399629 / BL Networks) has delivered #MintsLoader for 30+ days and is still up and running!
You can probe it with:
`nc 64.190.113.206 79 <<< rcaptcha`
The malicious "finger" service […]
Fake "Verify You Are Human" CAPTCHA page that can appear when viewing a page from a legitimate but compromised website.
Text from KongTuke's fake CAPTCHA page injected into the viewer's clipboard, and the CAPTCHA page contains instructions to run the text as a command in the Windows Run window.
Traffic from the KongTuke activity and resulting infection filtered in Wireshark.
Reposted with correct malware names:
2026-02-02 (Monday) #KongTuke #ClickFix activity leads to #MintsLoader and #GhostWeaver RAT
Today's ClickFix uses the "finger" command, a tactic seen in previous ClickFix activity.
Further details available at www.malware-traffic-analysis.net/2026/02/02/i...
CERT-AGID: MintsLoader resurfaces via PEC and INPS smishing; 6 malware campaigns, 8 families and 8 phishing in one week, alert on data theft.
#CERTAgID #malware #MintsLoader #phishing #smishing
www.matricedigitale.it/2025/09/06/c...
🧀 Update on MintsLoader: a thread 🔽
MintsLoader is a JavaScript/PowerShell loader that was first detailed by OCD in 2024.
A new version has been around at least since early-June 2025.
#threatintel #cti #mintsloader
New research from Insikt Group on #MintsLoader, often deploying second-stage payloads such as GhostWeaver, StealC, and a modified BOINC client, among others: www.recordedfuture.com/research/unc...
Supply chain, malicious PEC messages and INPS smishing: npm reverse shell, AsyncRat and stolen documents put public and corporate security at risk.
#AsyncRAT #CVE202530154 #ICS #Inps #malware #MintsLoader #npm #PEC #reverseshell #smishing #vulnerabilità
www.matricedigitale.it/sicurezza-in...
Check out the team's latest blog on #MintsLoader #StealC #BOINC
www.esentire.com/blog/mintslo...
#IOCs here: github.com/eSentire/ioc...