PureLogs, a low-cost infostealer, is targeting Chrome browsers


Infostealer malware, like the recently identified PureLogs, poses significant risks due to its low cost and ease of use, making it accessible to even low-level hackers. PureLogs is a 64-bit information stealer developed in C# that runs in multiple stages, with its assemblies bundled using the commercial .NET Reactor packer.

This infostealer can gather private information from the Chrome browser, similar to a few other strains like Lumma, Vidar, and Meduza. Security experts must stay informed about emerging threats like PureLogs in today’s landscape.

PureLogs Infostealer

In 2022, PureLogs was first sold on underground markets and has since been advertised on various forums. It also has a site on the clearnet that redirects users to a Telegram bot for sales inquiries. Pricing starts at $99 for one month, making it one of the cheapest infostealers available.

The author also sells other tools, including a cryptocurrency miner, clipboard replacement tools, a DDoS botnet, and a covert Virtual Network Computing client.

According to the Flashpoint Intel Team, PureLogs works in three phases:

  1. First Stage: This is the loading and execution phase.
  2. Second Stage: This phase runs anti-sandbox tests and sets up network configurations before loading the final infostealer.
  3. Third Stage: This contains the actual infostealer code.

PureLogs collects the following information:

  • Browsing data
  • Extensions from Chrome, Edge, and Opera
  • Cryptocurrency wallet applications
  • Desktop applications
  • Information about the victim’s machine

PureLogs can extract folders, files by extension, or by name and location. It can also download and execute additional payloads from a remote URL.

PureLogs users can choose to send the stolen data to Telegram; this includes victim details, stolen data amounts, captured screenshots, and downloadable log files.

To protect against this threat, security teams need immediate access to comprehensive threat intelligence.


2024-10-15T22:21:10+05:30 | October 14th, 2024 | infostealer, Internet Security, Malware, Security Advisory, Security Update, Tips

About the Author:

FirstHackersNews- Identifies Security
