Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks

Summary

A sophisticated framework, dubbed 'Veil#Drop,' is being used in attacks that leverage compromised websites and Blogspot to deliver the PureLog information stealer. This framework employs fileless techniques, making it challenging for security solutions to detect and block.

IFF Assessment

FOE

The Veil#Drop framework's use of information stealers and sophisticated evasion techniques poses a direct threat to organizations and individuals.

Defender Context

Defenders should be aware of the Veil#Drop framework's tactics, which include abusing legitimate platforms like Blogspot and employing fileless techniques. Monitoring for unusual PowerShell activity and unusual network traffic originating from compromised websites can help in early detection.

Read Full Story →