A new variant of the PureLogs infostealer malware has been identified, distributed via phishing emails featuring fake purchase orders. These emails contain a malicious JavaScript that initiates a multi-stage infection on Windows systems. Once executed, the JavaScript decrypts PowerShell code, which is then run to extract data such as browser credentials, clipboard contents, and cryptocurrency wallet files.
This variant targets various browsers and applications, and its operation involves sophisticated techniques like process hollowing. Experts recommend improved email filtering and monitoring of PowerShell activities as countermeasures.
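One way to act on the "monitor PowerShell activity" advice for the chain described above (a JavaScript attachment run by a script host that then launches PowerShell): a small detection check over process-creation events. This is an added example, not code from the original report; the `parent=... image=... cmd=...` log format, file names and sample lines are constructed for the demo, not a real Sysmon or EDR export.

```python
import re

# Constructed process-creation events (not real telemetry): parent image,
# child image and command line, one event per line.
SAMPLE_LOG = """\
parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\wscript.exe cmd="wscript.exe C:\\Users\\bob\\Downloads\\PO_4471.js"
parent=C:\\Windows\\System32\\wscript.exe image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe -nop -w hidden -ep bypass -enc BASE64PLACEHOLDER"
parent=C:\\Windows\\explorer.exe image=C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe cmd="powershell.exe -File C:\\scripts\\backup.ps1"
parent=C:\\Windows\\System32\\cmd.exe image=C:\\Windows\\System32\\wscript.exe cmd="wscript.exe logon.vbs"
"""

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe", "mshta.exe"}  # Windows script hosts
POWERSHELL = {"powershell.exe", "pwsh.exe"}
EVENT_RE = re.compile(r'parent=(\S+) image=(\S+) cmd="(.*)"$')


def parse_event(line):
    """Parse one constructed log line into basenames (lower-cased) plus the command line."""
    m = EVENT_RE.match(line)
    if not m:
        return None
    parent, image, cmd = m.groups()
    base = lambda p: p.rsplit("\\", 1)[-1].lower()
    return {"parent": base(parent), "image": base(image), "cmd": cmd}


def suspicious_flags(cmd):
    """Return loader-style PowerShell switches found in a command line (token based)."""
    toks = cmd.lower().split()
    found = []
    for i, t in enumerate(toks):
        nxt = toks[i + 1] if i + 1 < len(toks) else ""
        if t in ("-enc", "-encodedcommand", "-nop", "-noprofile"):
            found.append(t)
        elif t in ("-ep", "-executionpolicy") and nxt == "bypass":
            found.append(t + " bypass")
        elif t in ("-w", "-windowstyle") and nxt == "hidden":
            found.append(t + " hidden")
    return found


def flag_powershell_chain(log_text):
    """Return (command line, reasons) for PowerShell launches worth a closer look."""
    alerts = []
    for line in log_text.splitlines():
        ev = parse_event(line)
        if not ev or ev["image"] not in POWERSHELL:
            continue
        reasons = []
        if ev["parent"] in SCRIPT_HOSTS:  # JS/VBS attachment handing off to PowerShell
            reasons.append("powershell spawned by script host " + ev["parent"])
        reasons += ["suspicious flag " + f for f in suspicious_flags(ev["cmd"])]
        if reasons:
            alerts.append((ev["cmd"], reasons))
    return alerts
```

On the sample above only the wscript.exe-to-PowerShell event is flagged; the admin-launched `-File backup.ps1` run is left alone because neither its parent nor its switches match.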