🟡 Medium | Source: The Hacker News
A multi-stage malware campaign dubbed VEIL#DROP is abusing Google’s Blogger platform to host and deliver PureLogs, an information-stealing malware. Attackers use spear-phishing or drive-by downloads to lure victims, leveraging the trusted reputation of Blogger to bypass security controls. The campaign is notable because it exploits a legitimate, widely trusted cloud-hosted service to stage its payload delivery, making detection harder.
Security Architect’s Take: Review egress filtering and DNS policies to block or alert on unexpected outbound connections to blogger.com from corporate endpoints and cloud workloads. Additionally, ensure endpoint detection tooling is tuned to flag multi-stage script execution chains, even when the initial download originates from a trusted domain.
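One way to operationalise the two recommendations above is a correlation rule: alert when an endpoint that reached blogger.com launches a chain of script interpreters shortly afterwards, while plain browsing to the same domain is only logged. The snippet below is an added illustration, not code from the advisory or from The Hacker News; the event tuple layout, host names and timestamps are constructed, and the watched-domain list and script-host set are policy knobs you would tune to your environment.

```python
"""Added example: correlate trusted-domain egress with follow-on script execution.

Events are (iso_timestamp, host, kind, detail) tuples, where kind is "egress"
(destination domain from proxy/DNS logs) or "proc" (process-creation telemetry).
"""
from datetime import datetime, timedelta

# Constructed sample telemetry for one morning; not from any real incident.
SAMPLE_EVENTS = [
    ("2024-01-10T09:00:01", "ws-017", "egress", "www.blogger.com"),
    ("2024-01-10T09:00:04", "ws-017", "proc", "powershell.exe"),
    ("2024-01-10T09:00:06", "ws-017", "proc", "wscript.exe"),
    ("2024-01-10T09:05:00", "ws-042", "egress", "www.blogger.com"),  # ordinary browsing
    ("2024-01-10T10:00:00", "ws-042", "proc", "powershell.exe"),     # far outside window
    ("2024-01-10T11:00:00", "ws-099", "egress", "example.org"),      # not a watched domain
    ("2024-01-10T11:00:02", "ws-099", "proc", "cscript.exe"),
]

WATCHED_DOMAINS = ("blogger.com",)  # trusted services abused for staging; extend per policy
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}


def domain_matches(fqdn, watched=WATCHED_DOMAINS):
    """True if fqdn is one of the watched domains or a subdomain of one."""
    fqdn = fqdn.lower().rstrip(".")
    return any(fqdn == d or fqdn.endswith("." + d) for d in watched)


def egress_hits(events):
    """Hosts that contacted a watched domain at all (the 'alert on egress' half)."""
    return {h for (_, h, kind, detail) in events if kind == "egress" and domain_matches(detail)}


def correlate(events, window_seconds=60, min_script_procs=2):
    """Return (host, domain, [script hosts]) where a watched-domain fetch is followed
    by at least min_script_procs script-interpreter launches on the same host within
    window_seconds. Requiring a chain, not a single process, keeps noise down."""
    ordered = sorted(events)  # ISO-8601 timestamps sort correctly as strings
    alerts = []
    for i, (ts, host, kind, detail) in enumerate(ordered):
        if kind != "egress" or not domain_matches(detail):
            continue
        t0 = datetime.fromisoformat(ts)
        chain = [d for (t, h, k, d) in ordered[i + 1:]
                 if h == host and k == "proc" and d.lower() in SCRIPT_HOSTS
                 and datetime.fromisoformat(t) - t0 <= timedelta(seconds=window_seconds)]
        if len(chain) >= min_script_procs:
            alerts.append((host, detail, chain))
    return alerts


if __name__ == "__main__":
    print("egress to watched domains:", sorted(egress_hits(SAMPLE_EVENTS)))
    for host, domain, chain in correlate(SAMPLE_EVENTS):
        print(f"ALERT {host}: {domain} followed by {' -> '.join(chain)}")
```

On the constructed data only ws-017 raises an alert; ws-042 appears in the egress report but is not escalated, which is the distinction the recommendation above draws between blocking or alerting on egress and flagging the execution chain.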
Original advisory: VEIL#DROP Malware Chain Uses Blogger Platform to Deliver PureLogs Stealer