A phishing campaign is distributing the PureLogs information stealer by concealing encrypted malicious payloads within cat images attached to phishing emails. The attack uses an invoice-themed lure within a TXZ archive to pressure victims into opening it, which then executes a JavaScript payload that stores malicious commands in process environment variables. No specific CVSS score, affected versions, fixed versions, or workarounds are provided in the source article.
A phishing campaign is smuggling the powerful PureLogs information stealer onto targets’ Windows machines by hiding encrypted malicious payloads inside cat photos, Fortinet researchers discovered. The attack The attack starts with a phishing email containing a TXZ archive and using an invoice-themed lure to pressure the victim into opening it quickly: The phishing email carrying the malicious TXZ archive (Source: Fortinet) The extracted JavaScript stores malicious commands in process environment variables (which are also filled … More → The post PureLogs infostealer is stealing credentials worldwide appeared first on Help Net Security .