Fileless Malware Abuses Google Blogspot to Deploy Infostealer in Memory
ID: 77549a67-68ee-5547-80dc-434954f007d7
STIX ID: report--77549a67-68ee-5547-80dc-434954f007d7
Feed Name: Infosecurity Magazine (News)
Securonix researchers uncovered a fileless campaign called Veil#Drop that uses compromised websites and Blogspot-hosted payloads to deliver the PureLog .NET infostealer entirely in memory via malicious scripts and PowerShell; the chain reconstructs assemblies at runtime and abuses legitimate Microsoft-signed utilities (RegSvcs, InstallUtil, MSBuild) to evade detection, harvesting browser credentials, cookies (allowing MFA bypass), autofill data and cryptocurrency wallets—defenders are urged to detect behavioral indicators like PowerShell fetching from Blogspot and use of LOLBINs rather than relying solely on static IOCs.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
