VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer
ID: f1bc3b4f-ae3e-513e-881c-da0ada3ed245
STIX ID: report--f1bc3b4f-ae3e-513e-881c-da0ada3ed245
Feed Name: The Hacker News
Threat Score
VEIL#DROP is a multi-stage malware campaign delivering the PureLogs .NET information stealer: threat actors distribute a deceptive JavaScript (e.g., transcript.pdf.js) that launches PowerShell to retrieve staged payloads hosted on Blogger, performs XOR decryption and runtime mutation, executes assemblies via reflective loading or Microsoft-signed binaries (LOLBins), and operates filelessly to steal credentials and sensitive data.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.
