logo

VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer

ID: f1bc3b4f-ae3e-513e-881c-da0ada3ed245

STIX ID: report--f1bc3b4f-ae3e-513e-881c-da0ada3ed245

Feed Name: The Hacker News

Threat Score
75/100

Date Published: 2026-07-01

Date Updated: 2026-07-02

Author: [email protected] (The Hacker News)

...
...

VEIL#DROP is a multi-stage malware campaign delivering the PureLogs .NET information stealer: threat actors distribute a deceptive JavaScript (e.g., transcript.pdf.js) that launches PowerShell to retrieve staged payloads hosted on Blogger, performs XOR decryption and runtime mutation, executes assemblies via reflective loading or Microsoft-signed binaries (LOLBins), and operates filelessly to steal credentials and sensitive data.

Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.