Securonix uncovered Veil#Drop, a multi-stage malware delivery framework that uses compromised websites, JavaScript launchers, and PowerShell download cradles hosted on Blogspot to deliver malware. The chain ultimately infects victims with PureLog Stealer, which harvests credentials, cookies, tokens, browser history, and other sensitive data from multiple browsers and applications. #VeilDrop #PureLogStealer #Blogspot #Securonix
Keypoints
- Veil#Drop uses compromised websites and social engineering to begin the infection chain.
- JavaScript and PowerShell are used to evade execution policies and fetch payloads from Blogspot.
- The malware uses decoy documents, encrypted payloads, and in-memory execution to avoid detection.
- Trusted Microsoft-signed binaries and other LOLBIN abuse provide fallback execution and defense evasion.
- PureLog Stealer collects browser data, credentials, wallet details, and information from many applications.
Read More: https://www.securityweek.com/blogspot-hosted-payloads-delivered-in-veildrop-attacks/