www.securityweek.com 7/6/2026, 7:20:57 PM · external

Veil#Drop malware uses blogs to spread PureLog Stealer

Veil#Drop malware uses blogs to spread PureLog Stealer
Developing story malware 2 articles tracked
Veil#Drop malware campaign spreads PureLog Stealer via Blogspot
CyberSIXT Evidence Panel
Primary Source securonix.com

SECURONIX has identified a complex multi-stage malware delivery framework named Veil#Drop that leverages compromised websites and social engineering tactics to deploy information stealers. The process initiates with a misleading JavaScript file that triggers PowerShell commands to fetch additional malicious payloads from attacker-controlled Blogspot pages.

With multiple obfuscation techniques, including XOR-encoded .NET assemblies, the malware executes various payloads directly in memory, complicating detection efforts. Ultimately, the malware infects devices with PureLog Stealer, which aggressively targets sensitive information across various browsers and applications, threatening larger enterprise environments.

Such information stealers are often the precursor to severe intrusion campaigns, enabling further attacks like ransomware deployment or business email compromise.

View Primary Source Via www.securityweek.com

Article by CyberSIXT

Timeline Coverage

Swipe to explore timeline