JavaScript Phishing Delivers PureLogs via MsBuild Injection
Source: Socprime
Published:
<p>A phishing campaign is using a malicious JavaScript attachment to decrypt and execute a PowerShell script. That script then performs process hollowing to inject a .NET downloader into the trusted MsBuild.exe process. The downloader reaches out to a command-and-control server to retrieve a PureLog