Veil#Drop campaigns use Blogspot and PowerShell to deliver PureLog
Source headline: Blogspot-Hosted Payloads Delivered in ‘Veil#Drop’ Attacks
Intelligence Summary
Securonix reports that Veil#Drop uses compromised web resources hosted on Blogspot to stage payloads. The activity chains PowerShell and fileless techniques to reduce the chances of detection. Victims are ultimately exposed to the PureLog information stealer. The campaign’s reliance on legitimate hosting and evasive execution increases the difficulty of identifying malicious behavior. Organizations should review detections for suspicious PowerShell behavior and anomalies tied to external web staging.
Recommended Action
Review affected assets, schedule urgent remediation, and monitor related indicators.