PureLogs Info Stealer Campaign Exploits Trusted Windows Process
ID: 73ed6a46-5dc0-5e04-9a49-d5734da952e1
STIX ID: report--73ed6a46-5dc0-5e04-9a49-d5734da952e1
Feed Name: securityonline.info
FortiGuard Labs describes a PureLogs info-stealer campaign that targets enterprises through deceptive purchase-order phishing. A kpankocrs.js archive drops a fileless PowerShell chain. The chain performs process hollowing into MsBuild.exe, loads an in-memory .NET stealer (zgSGkYYzqVe.dll), contacts AES-encrypted C2, and harvests browser credentials, session tokens (including Discord), crypto keys, screenshots and other sensitive data. Defenders should strengthen email filtering and host monitoring.
