{"id":16455,"date":"2026-07-07T04:42:12","date_gmt":"2026-07-07T04:42:12","guid":{"rendered":"https:\/\/techtrendfeed.com\/?p=16455"},"modified":"2026-07-07T04:42:12","modified_gmt":"2026-07-07T04:42:12","slug":"blogspot-hosted-payloads-delivered-in-veildrop-assaults","status":"publish","type":"post","link":"https:\/\/techtrendfeed.com\/?p=16455","title":{"rendered":"Blogspot-Hosted Payloads Delivered in &#8216;Veil#Drop&#8217; Assaults"},"content":{"rendered":"<p> <br \/>\n<\/p>\n<div>\n<p class=\"wp-block-paragraph\"><strong>Securonix has uncovered a classy multi-stage malware supply framework that makes use of compromised web sites and social engineering to contaminate customers with info stealers.<\/strong><\/p>\n<p class=\"wp-block-paragraph\">Dubbed <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securonix.com\/blog\/veildrop-blogspot-hosted-powershell-loader\/\">Veil#Drop<\/a>, the framework combines JavaScript launchers and PowerShell obtain cradles for the deployment and execution of malware hosted on Blogspot, Google\u2019s trusted infrastructure.<\/p>\n<p class=\"wp-block-paragraph\">The an infection chain begins with a JavaScript file posing as a doc, designed to launch PowerShell code and evade execution insurance policies. The PowerShell retrieves further payloads from attacker-controlled Blogspot pages.<\/p>\n<p class=\"wp-block-paragraph\">The Blogspot-hosted payload shows a decoy doc, terminates particular processes, and decrypts embedded content material. The decoded code generates further Blogspot URLs and executes subsequent payloads immediately in reminiscence.<\/p>\n<p class=\"wp-block-paragraph\">\u201cA second-stage loader incorporates XOR-encoded .NET assemblies saved as giant embedded knowledge blobs which might be reconstructed and decrypted at runtime, stopping simple static evaluation and decreasing the effectiveness of signature-based detection mechanisms,\u201d Securonix explains.<\/p>\n<p class=\"wp-block-paragraph\">The subtle an infection chain additionally incorporates a number of fallback mechanisms, abusing trusted Microsoft-signed binaries for code execution and protection evasion.<\/p>\n<div class=\"zox-post-ad-wrap\"><span class=\"zox-ad-label\">Commercial. Scroll to proceed studying.<\/span><\/div>\n<p class=\"wp-block-paragraph\">\u201cThe mixture of compromised web sites, multi-extension masquerading, trusted cloud companies, XOR-obfuscated payloads, reflective .NET loading, fileless execution, and LOLBIN abuse demonstrates a deliberate effort to evade conventional antivirus options, scale back forensic artifacts, and keep operational stealth all through the an infection lifecycle,\u201d Securonix notes.<\/p>\n<p class=\"wp-block-paragraph\">Ultimately, the sufferer\u2019s machine is contaminated with PureLog Stealer, a .NET-based info stealer that performs system reconnaissance and begins harvesting knowledge from Google Chrome. Microsoft Edge, Firefox, Courageous Browser, Opera, and Chromium-based browsers.<\/p>\n<p class=\"wp-block-paragraph\">The malware targets credentials, cookies, autofill knowledge, session tokens, looking histories, and different delicate info saved within the browsers. It additionally searches for cryptocurrency pockets info on the sufferer\u2019s machine.<\/p>\n<p class=\"wp-block-paragraph\">Moreover, PureLog Stealer can harvest info from messaging purposes, electronic mail purchasers, distant entry software program, FTP purchasers, cloud storage purposes, developer instruments, and password managers. The malware packages the harvested info and sends it to attacker-controlled servers in an encrypted type.<\/p>\n<p class=\"wp-block-paragraph\">Given PureLog Stealer\u2019s in depth knowledge harvesting capabilities, a single contaminated workstation may result in broader atmosphere compromise, relying on the credentials, tokens, keys, and different secrets and techniques saved on the system.<\/p>\n<p class=\"wp-block-paragraph\">\u201cIn enterprise environments, info stealers are ceaselessly the primary stage of bigger intrusion campaigns. Stolen credentials could later be used to deploy ransomware, conduct knowledge theft operations, carry out enterprise electronic mail compromise assaults, or facilitate long-term espionage actions,\u201d Securonix notes.<\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated: <\/strong><a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/critical-simplehelp-vulnerability-exploited-for-malware-delivery\/\">Vital SimpleHelp Vulnerability Exploited for Malware Supply<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/cryptobandits-malware-doubles-as-a-backdoor-abuses-tor\/\">CryptoBandits Malware Doubles as a Backdoor, Abuses Tor<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/rokarolla-banking-trojan-targets-200-applications\/\">Rokarolla Banking Trojan Targets 200 Purposes<\/a><\/p>\n<p class=\"wp-block-paragraph\"><strong>Associated:<\/strong> <a rel=\"nofollow\" target=\"_blank\" href=\"https:\/\/www.securityweek.com\/infostealers-turn-millions-of-devices-into-credential-theft-machines\/\">Infostealers Flip Tens of millions of Units Into Credential Theft Machines<\/a>\n      <\/p>\n<\/div>\n\n","protected":false},"excerpt":{"rendered":"<p>Securonix has uncovered a classy multi-stage malware supply framework that makes use of compromised web sites and social engineering to contaminate customers with info stealers. Dubbed Veil#Drop, the framework combines JavaScript launchers and PowerShell obtain cradles for the deployment and execution of malware hosted on Blogspot, Google\u2019s trusted infrastructure. The an infection chain begins with [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":16457,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[58],"tags":[145,9661,8781,9464,9662],"class_list":["post-16455","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-attacks","tag-blogspothosted","tag-delivered","tag-payloads","tag-veildrop"],"_links":{"self":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16455","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=16455"}],"version-history":[{"count":1,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16455\/revisions"}],"predecessor-version":[{"id":16456,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/posts\/16455\/revisions\/16456"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=\/wp\/v2\/media\/16457"}],"wp:attachment":[{"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=16455"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=16455"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techtrendfeed.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=16455"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}<!-- This website is optimized by Airlift. Learn more: https://airlift.net. Template:. Learn more: https://airlift.net. Template: 69d9690a190636c2e0989534. Config Timestamp: 2026-04-10 21:18:02 UTC, Cached Timestamp: 2026-07-07 06:49:24 UTC -->