Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

Keypoints

  • Veil#Drop uses compromised websites and social engineering to begin the infection chain.
  • JavaScript and PowerShell are used to evade execution policies and fetch payloads from Blogspot.
  • The malware uses decoy documents, encrypted payloads, and in-memory execution to avoid detection.
  • Trusted Microsoft-signed binaries and other LOLBIN abuse provide fallback execution and defense evasion.
  • PureLog Stealer collects browser data, credentials, wallet details, and information from many applications.

Read More: https://www.securityweek.com/blogspot-hosted-payloads-delivered-in-veildrop-attacks/