VEIL#DROP Malware Chain Leverages Blogger for PureLogs Stealer
Cybersecurity researchers have identified a multi-stage malware delivery chain, codenamed VEIL#DROP, that combines social engineering with abuse of Google's Blogger platform to distribute the PureLogs information stealer. According to Securonix, which documented the operation, the initial payload reaches victims either through targeted spear-phishing or through drive-by compromise, in which users land on a compromised web page without realizing it.
Once the initial payload runs, the VEIL#DROP chain proceeds through several stages built to evade detection and establish persistence. The notable element is the use of Blogger, a free Google blogging service, as part of the delivery infrastructure: Blogger pages host malicious scripts or redirect victims to the next stage of the infection. Because those fetches go to a legitimate, widely used domain, they blend in with ordinary web traffic and are hard to block at the network level without also blocking legitimate Blogger content.
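One practical consequence of this hosting pattern is that blocking the domain is rarely an option, so detection has to look at who is fetching Blogger content rather than where it goes. The following is an added example, not code from Securonix or The Hacker News, and it does not reproduce any detail of the actual VEIL#DROP stages. It assumes a constructed proxy or EDR egress log in `key=value` form; the field names, workstation names, blog hostnames, process names and the five-minute follow-on window are all assumptions made for illustration. It flags Blogger fetches made by something other than a browser (a script host or a tool-like user agent) and, for each such fetch, notes whether the same host pulled a second file from a non-Blogger domain shortly afterward, which is the redirect-to-next-stage shape the text describes.

```python
"""Egress-log heuristic: scripted fetches of Blogger-hosted content.

Added example; not code from Securonix or The Hacker News. Log format,
hostnames, process names and thresholds are assumptions for illustration.
"""
import shlex
from datetime import datetime, timedelta
from urllib.parse import urlparse

# Processes that normally fetch blogspot.com pages on a workstation (assumed set).
BROWSER_PROCESSES = {"chrome.exe", "msedge.exe", "firefox.exe", "brave.exe", "opera.exe"}
# User-agent fragments that point to a script or download tool rather than a browser.
TOOL_UA_MARKERS = ("powershell", "curl", "wget", "python", "mshta", "bits")
# Blogger serves blogs under *.blogspot.com and the service itself under blogger.com.
BLOGGER_SUFFIXES = (".blogspot.com", ".blogger.com")


def parse_line(line: str) -> dict:
    """Parse one `key=value key="quoted value"` log line into a dict."""
    rec = dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)
    rec["ts"] = datetime.fromisoformat(rec["ts"].replace("Z", "+00:00"))
    rec["domain"] = (urlparse(rec["url"]).hostname or "").lower()
    return rec


def is_blogger_domain(domain: str) -> bool:
    return domain == "blogger.com" or domain.endswith(BLOGGER_SUFFIXES)


def fetch_reasons(rec: dict) -> list:
    """Why a single Blogger fetch looks scripted (empty list means it looks normal)."""
    reasons = []
    if rec["proc"].lower() not in BROWSER_PROCESSES:
        reasons.append("non-browser process")
    ua = rec["ua"].lower()
    if "mozilla/" not in ua or any(m in ua for m in TOOL_UA_MARKERS):
        reasons.append("tool-like user agent")
    return reasons


def find_suspicious_blogger_fetches(lines, follow_on_window=timedelta(minutes=5)):
    """Return alerts for Blogger fetches that look scripted.

    Each alert also records the first successful follow-on fetch from a
    non-Blogger domain by the same host within `follow_on_window`, since a
    Blogger page that merely redirects to the real payload produces that shape.
    """
    recs = sorted((parse_line(l) for l in lines if l.strip()), key=lambda r: r["ts"])
    alerts = []
    for i, rec in enumerate(recs):
        if not is_blogger_domain(rec["domain"]):
            continue
        reasons = fetch_reasons(rec)
        if not reasons:
            continue  # a browser reading a blog is not interesting on its own
        follow = [
            r for r in recs[i + 1:]
            if r["host"] == rec["host"]
            and not is_blogger_domain(r["domain"])
            and r["ts"] - rec["ts"] <= follow_on_window
            and r.get("status") == "200"
        ]
        if follow:
            reasons.append(f"follow-on fetch from {follow[0]['domain']}")
        alerts.append({"host": rec["host"], "proc": rec["proc"],
                       "url": rec["url"], "reasons": reasons})
    return alerts


# Constructed sample log (not real telemetry): one benign browser visit, one
# PowerShell fetch followed by a second-stage download, one WScript fetch.
SAMPLE_LOG = [
    'ts=2024-03-05T09:58:00Z host=WS-HR-02 proc=chrome.exe ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) Chrome/122.0" url=https://travel-notes-demo.blogspot.com/2024/03/trip.html status=200 bytes=38211',
    'ts=2024-03-05T10:00:00Z host=WS-FIN-07 proc=powershell.exe ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) WindowsPowerShell/5.1" url=https://quarterly-reports-archive.blogspot.com/2024/03/q1.html status=200 bytes=4812',
    'ts=2024-03-05T10:01:30Z host=WS-FIN-07 proc=powershell.exe ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64) WindowsPowerShell/5.1" url=https://cdn.example.net/updates/pkg.bin status=200 bytes=912330',
    'ts=2024-03-05T10:20:00Z host=WS-OPS-11 proc=wscript.exe ua="Mozilla/5.0 (Windows NT 10.0; Win64; x64)" url=https://quarterly-reports-archive.blogspot.com/p/notes.html status=200 bytes=5102',
]

if __name__ == "__main__":
    for alert in find_suspicious_blogger_fetches(SAMPLE_LOG):
        print(alert["host"], alert["proc"], alert["url"], "; ".join(alert["reasons"]))
```

The browser visit produces nothing, the PowerShell fetch is flagged on all three counts, and the WScript fetch is flagged on process alone. Tune `BROWSER_PROCESSES` and the window to your environment; the point is to alert on the actor fetching the page, not on the Blogger domain itself, which will never be blockable in most organizations.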
The final stage of the VEIL#DROP chain deploys the PureLogs information stealer. PureLogs is built to exfiltrate sensitive data from infected systems, including login credentials, financial information, and other personal data, and it targets a range of applications and browsers, which widens the scope of what can be stolen. The multi-stage structure reflects a deliberate effort by the operators to make the delivery chain both resilient and stealthy.
Securonix researchers have emphasized the importance of user awareness and robust endpoint security solutions to mitigate the risks associated with such evolving threats. The reliance on social engineering and the creative use of legitimate platforms like Blogger highlight the adaptive strategies employed by cybercriminals to bypass traditional security measures and achieve their objectives of data theft and system compromise.
Original source: full reporting at The Hacker News.