PureLogs infostealer is stealing credentials worldwide
ID: 1f1b4c48-3ab0-56e6-b0fb-e2cb391e6811
STIX ID: report--1f1b4c48-3ab0-56e6-b0fb-e2cb391e6811
Feed Name: Help Net Security
Fortinet researchers observed a phishing campaign that lures victims with invoice-themed emails containing a TXZ archive; embedded JavaScript launches a hidden PowerShell session that decodes and runs a .NET loader (PawsRunner) which fetches PNG images over HTTPS, extracts an encrypted payload via steganography, and deploys the PureLogs infostealer to harvest credentials, cookies, crypto wallets, password managers, authenticators and other application data for encrypted exfiltration.
