SECURONIX has identified a complex multi-stage malware delivery framework named Veil#Drop that leverages compromised websites and social engineering tactics to deploy information stealers. The process initiates with a misleading JavaScript file that triggers PowerShell commands to fetch additional malicious payloads from attacker-controlled Blogspot pages.
With multiple obfuscation techniques, including XOR-encoded .NET assemblies, the malware executes various payloads directly in memory, complicating detection efforts. Ultimately, the malware infects devices with PureLog Stealer, which aggressively targets sensitive information across various browsers and applications, threatening larger enterprise environments.
Such information stealers are often the precursor to severe intrusion campaigns, enabling further attacks like ransomware deployment or business email compromise.