Based on reporting by The Hacker News →
Introduction
Cybercriminals are leveraging a free, legitimate blogging platform to host the initial stage of a malware chain, using trusted infrastructure to bypass security tools that rely on domain reputation alone.
The problem
According to reporting by The Hacker News (thehackernews.com), cybersecurity researchers at Securonix have identified a multi-stage malware delivery campaign codenamed VEIL#DROP. Attackers are using social engineering to trick victims into visiting a Blogger page, which then serves as the initial launch point for a malware chain culminating in the deployment of PureLogs, an information stealer. Securonix assesses that the initial victim access likely occurs through either a spear-phishing email or a "drive-by compromise" — meaning a user visiting a legitimate site that has been compromised silently redirects the browser. Underscore: the malicious content lives on a .blogspot.com domain, which is owned by Google and commonly whitelisted by security filters.
Consequences
PureLogs is a commodity infostealer capable of harvesting credentials, browser cookies, cryptocurrency wallets, and other sensitive data. A successful infection on a WordPress, WooCommerce, or any business site administrator's workstation could lead to compromise of admin credentials, session hijacking against the CMS admin panel, and ultimately defacement, data theft, or ransomware deployment on the server. Beyond technical damage, the use of a legitimate platform like Blogger makes this difficult to spot: a security analyst reviewing network logs may see a connection to google.com and dismiss it as benign.