PureLogs Malware Variant Abuses MSBuild.exe for Process Hollowing Attacks
ID: 86cd8afe-e188-584c-999c-843cc998839a
STIX ID: report--86cd8afe-e188-584c-999c-843cc998839a
Feed Name: Cyber Press
A purchase-order-themed phishing campaign distributes an evasive, fileless variant of the PureLogs info-stealer that uses obfuscated JavaScript and PowerShell to execute in memory and abuse MSBuild.exe via process hollowing; the malware harvests system data, browser passwords and cryptocurrency wallets, encrypts stolen data with AES, and exfiltrates it to C2 infrastructure (examples in the report: https://77.83.39.211:8443, /ping, /plugin).
