This report details a sophisticated phishing campaign targeting Ukrainian government agencies, using malicious SVG files to deliver CountLoader and other malware. The campaign employs multi-layered infection chains involving in-memory loaders, defense evasion, and credential theft techniques.

#CountLoader #AmateraStealer #PureMiner #PureCoder #PXAstealer #PureRAT

Key points
- The campaign impersonates Ukrainian government agencies to deceive recipients.
- Malicious SVG files are used as HTML substitutes to initiate infection chains.
- CountLoader drops payloads like Amatera Stealer and PureMiner in a fileless manner.
- The PureCoder-developed malware suite includes tools like PureCrypter and PureLogs.
- The attack demonstrates a progression from simple phishing to advanced, multi-layered malware deployment.
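
Because the SVG attachments here act as HTML substitutes, a mail gateway or triage script can flag SVGs that carry active content before anyone opens them. The following is an added example, not code from the report: the function names, the marker lists (general SVG/HTML features, not indicators from this campaign) and the sample files are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

# Elements that let an SVG behave like an HTML page. These are general
# SVG/HTML features (assumed markers), not indicators taken from the report.
ACTIVE_TAGS = {"script", "foreignobject", "iframe", "embed", "object", "form", "meta"}
URL_ATTRS = {"href", "xlink:href", "src", "action"}
RISKY_SCHEMES = ("javascript:", "data:text/html", "data:application/")


class SvgAudit(HTMLParser):
    """Tolerant tag scanner: no entity expansion, survives malformed markup."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.findings = []  # (line, kind, detail)

    def handle_starttag(self, tag, attrs):
        line = self.getpos()[0]
        if tag in ACTIVE_TAGS:  # HTMLParser lowercases tag and attribute names
            self.findings.append((line, "active-element", tag))
        for name, value in attrs:
            # Browsers ignore whitespace inside a URL scheme, so strip it all.
            url = "".join((value or "").split()).lower()
            if name.startswith("on"):
                self.findings.append((line, "event-handler", name))
            elif name in URL_ATTRS and url.startswith(RISKY_SCHEMES):
                self.findings.append((line, "risky-url", name))


def audit_svg(text):
    """Return findings for one SVG document; an empty list means static image."""
    parser = SvgAudit()
    parser.feed(text)
    parser.close()
    return parser.findings


# Constructed samples (not from the campaign).
BENIGN = '<svg xmlns="http://www.w3.org/2000/svg"><circle r="4"/><a href="https://example.invalid/"><text>x</text></a></svg>'
SUSPICIOUS = """<svg xmlns="http://www.w3.org/2000/svg" onload="init()">
  <script>/* constructed placeholder */</script>
  <foreignObject width="100%" height="100%">
    <iframe src="https://example.invalid/"></iframe>
  </foreignObject>
  <a href=" JavaScript:void(0)"><text>Open document</text></a>
</svg>"""

if __name__ == "__main__":
    for line, kind, detail in audit_svg(SUSPICIOUS):
        print(f"line {line}: {kind}: {detail}")
```

Any finding is a reason to quarantine or rewrite the attachment rather than proof of malice; legitimate interactive SVGs exist, but they are rare in e-mail.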
Read More: https://thehackernews.com/2025/09/researchers-expose-svg-and-purerat.html