PureLogs, Low Cost Infostealer Attacking Chrome Browser


The world of cyber threats is intricate and ever-changing. Threat actors keep refining their methods, and new strains of infostealer malware surface frequently.

Infostealers are easy to operate, inexpensive, and have a low barrier to entry, which makes them dangerous even in the hands of low-skilled threat actors.


A recent strain, called PureLogs, is a 64-bit information stealer written in C#. Its assemblies are split across multiple stages and protected with the commercial .NET Reactor packer.

The stealer can obtain private data from the Chrome browser, a capability it shares with only a few other malware families, including Lumma, Vidar, and Meduza.

In the current threat landscape, it is imperative for security experts to remain up to date on emerging strains like PureLogs.


PureLogs: One of the Least Expensive Infostealers

PureLogs was first offered for sale on underground markets in 2022, and it has since been promoted on several underground forums. Its author also maintains an account and a dedicated marketplace on the clearnet.

That website no longer allows direct purchases, but it still points prospective customers to a Telegram bot for sales and support inquiries. With pricing starting at $99 for one month, $199 for three months, $299 for a year, and $499 for a lifetime license, PureLogs is among the least expensive infostealers on the market.

Alongside the infostealer, its author sells other "products" that give threat actors additional capabilities: a cryptocurrency miner, a clipboard-replacement tool (clipper), a botnet that can perform DDoS attacks, and a hidden Virtual Network Computing (hVNC) client.

TTPs employed by PureLogs

According to the Flashpoint Intel Team report, PureLogs operates in three stages. The first is the loading and execution stage. The second-stage assembly appears to handle anti-sandbox checks and network configuration before loading the final infostealer assembly.

The infostealer code itself lives in the third-stage assembly. PureLogs collects the following information:

  • Browsing data
  • Chrome, Edge, and Opera extensions
  • Cryptocurrency wallet applications
  • Desktop applications
  • Victim machine information

PureLogs can grab entire folders, files selected by extension, or files selected by name and location. It is also capable of downloading and running additional payloads from a remote URL.

During configuration, PureLogs operators can choose to have the exfiltrated data delivered to Telegram. The Telegram messages sent by the PureLogs panel include details about the victim, the amount of stolen data, the captured screenshot, and the full log file, which can be downloaded.

To defend against this emerging threat, security teams therefore need immediate access to comprehensive threat intelligence.
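Because Telegram delivery goes through the public Bot API (`https://api.telegram.org/bot<token>/<method>`), the exfiltration channel described above is visible in web-proxy logs. The following is an added example, not PureLogs code and not from the Flashpoint report: it hunts for Bot API calls made by a process that is not an approved bot, and flags file uploads (the stolen log archive or screenshot) as high severity. The log layout, the process names, the allow-list, and the sample lines are all constructed for the example.

```python
"""Hunt for Telegram Bot API exfiltration in web-proxy logs.

Added example; it is not PureLogs code and not from the article. It spots the
Telegram delivery channel described above: Bot API calls
(https://api.telegram.org/bot<token>/<method>) made by a process that is not
an approved bot. The log layout, process names and allow-list are assumptions.
"""
import re
from urllib.parse import urlparse

# Bot API URL path: /bot<numeric id>:<secret>/<method>  (documented Telegram format)
BOT_API_PATH = re.compile(
    r"^/bot(?P<bot_id>\d+):(?P<secret>[A-Za-z0-9_-]+)/(?P<method>[A-Za-z]+)$"
)
# Methods that upload a file (an infostealer's log archive or screenshot).
FILE_UPLOAD_METHODS = {"sendDocument", "sendPhoto", "sendMediaGroup"}
# Processes that legitimately talk to the Bot API in this environment (assumed).
APPROVED_BOT_PROCESSES = {"alertbot.exe"}

# Constructed sample log; fields: timestamp src_ip process http_method url status bytes_out
SAMPLE_PROXY_LOG = """\
2024-05-01T10:00:01Z 10.0.0.12 chrome.exe GET https://api.telegram.org/ 200 512
2024-05-01T10:00:05Z 10.0.0.12 svchost.exe POST https://api.telegram.org/bot1234567890:AAHfakeSecretForExample/sendMessage 200 1320
2024-05-01T10:00:07Z 10.0.0.12 svchost.exe POST https://api.telegram.org/bot1234567890:AAHfakeSecretForExample/sendDocument 200 2097152
2024-05-01T10:01:30Z 10.0.0.40 alertbot.exe POST https://api.telegram.org/bot5550001:AAHopsBotSecret/sendMessage 200 300
2024-05-01T10:03:00Z 10.0.0.12 excel.exe GET https://update.microsoft.com/ 200 800
"""


def parse_line(line):
    """Split one proxy log line into a dict, or return None for malformed lines."""
    fields = line.split()
    if len(fields) != 7:
        return None
    ts, src, proc, http_method, url, status, bytes_out = fields
    return {"ts": ts, "src": src, "process": proc, "http_method": http_method,
            "url": url, "status": int(status), "bytes_out": int(bytes_out)}


def classify(event):
    """Return a finding for Bot API traffic from a non-approved process, else None."""
    parsed = urlparse(event["url"])
    if parsed.hostname != "api.telegram.org":
        return None
    m = BOT_API_PATH.match(parsed.path)
    if m is None:                       # e.g. a browser visiting the site root
        return None
    if event["process"].lower() in APPROVED_BOT_PROCESSES:
        return None
    method = m["method"]
    return {
        "ts": event["ts"],
        "src": event["src"],
        "process": event["process"],
        "bot_id": m["bot_id"],          # identifies the bot without logging the secret
        "method": method,
        "bytes_out": event["bytes_out"],
        "severity": "high" if method in FILE_UPLOAD_METHODS else "medium",
    }


def find_bot_api_exfil(log_text):
    """Run classify() over every line and collect the findings in log order."""
    findings = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        finding = classify(event)
        if finding is not None:
            findings.append(finding)
    return findings


def summarize(findings):
    """Group findings by (src, process). The stealer pattern is a text message
    followed by a large file upload from the same unexpected process."""
    summary = {}
    for f in findings:
        entry = summary.setdefault((f["src"], f["process"]), {
            "calls": 0, "bytes_out": 0, "methods": set(),
            "bot_ids": set(), "file_upload": False})
        entry["calls"] += 1
        entry["bytes_out"] += f["bytes_out"]
        entry["methods"].add(f["method"])
        entry["bot_ids"].add(f["bot_id"])
        entry["file_upload"] |= f["method"] in FILE_UPLOAD_METHODS
    return summary


if __name__ == "__main__":
    for key, entry in summarize(find_bot_api_exfil(SAMPLE_PROXY_LOG)).items():
        print(key, entry)
```

On the constructed sample this flags only the two svchost.exe calls (a small sendMessage followed by a roughly 2 MB sendDocument to the same bot), while the browser's visit to the site root and the approved ops bot are ignored. Logging the numeric bot id rather than the full token keeps the secret out of your SIEM while still letting you pivot on the bot across hosts.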
