{"id":1,"date":"2025-05-20T15:07:14","date_gmt":"2025-05-20T15:07:14","guid":{"rendered":"http:\/\/inforb-test1.certsign.ro:8080\/?p=1"},"modified":"2025-05-26T08:13:05","modified_gmt":"2025-05-26T08:13:05","slug":"salut-lume","status":"publish","type":"post","link":"https:\/\/inforb.ro\/en\/salut-lume\/","title":{"rendered":"PureLogs, a cheap infostealer targeting the Chrome browser"},"content":{"rendered":"<p>The cyber threat landscape is complex and constantly changing. Malicious actors continually improve their methods, and new variants of&nbsp;infostealer&nbsp;malware appear frequently.<\/p>\n\n\n\n<p>Infostealers&nbsp;are very easy to operate, cheap, and have low barriers to entry, which makes them extremely dangerous even in the hands of low-skilled attackers.<\/p>\n\n\n\n<p>A recent variant, named&nbsp;PureLogs, is a 64-bit&nbsp;infostealer built in&nbsp;C#, which packs its components in multiple stages using the commercial&nbsp;.NET Reactor packer.<\/p>\n\n\n\n<p>This type of malware is able to obtain private information through the&nbsp;Chrome browser. It shares this ability with only a few other malware variants, including&nbsp;Lumma,&nbsp;Vidar&nbsp;and&nbsp;Meduza.<\/p>\n\n\n\n<p>In the current threat landscape, it is essential that security experts stay up to date with newly emerging variants such as&nbsp;PureLogs.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-purelogs-a-least-expensive-infostealer\"><strong>PureLogs \u2013 One of the Cheapest Infostealers<\/strong><\/h2>\n\n\n\n<p>PureLogs was first offered for sale on underground markets in 2022 and has since been promoted on various underground forums. 
It also has an active account and a dedicated marketplace on the clearnet.<\/p>\n\n\n\n<p>This site no longer allows direct purchases, but redirects potential customers to a&nbsp;Telegram bot&nbsp;for support and sales inquiries. With prices starting at $99 for one month, $199 for three months, $299 for one year and $499 for a lifetime subscription, PureLogs is one of the cheapest infostealers on the market.<\/p>\n\n\n\n<p>In addition to the infostealer, the author also sells other \u201cproducts\u201d that provide attackers with access to additional resources, such as a cryptocurrency miner, clipboard content replacement tools, a botnet capable of DDoS attacks, and a hidden Virtual Network Computing (VNC) client.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"782\" height=\"310\" src=\"https:\/\/inforb.ro\/wp-content\/uploads\/2024\/09\/unnamed-2.png\" alt=\"\" class=\"wp-image-549\" srcset=\"https:\/\/inforb.ro\/wp-content\/uploads\/2024\/09\/unnamed-2.png 782w, https:\/\/inforb.ro\/wp-content\/uploads\/2024\/09\/unnamed-2-300x119.png 300w, https:\/\/inforb.ro\/wp-content\/uploads\/2024\/09\/unnamed-2-768x304.png 768w\" sizes=\"auto, (max-width: 782px) 100vw, 782px\" \/><\/figure>\n\n\n\n<p><strong>Techniques Used By PureLogs<\/strong><\/p>\n\n\n\n<p>According to a report by the Flashpoint Intel team, PureLogs operates in three stages. The first is the loading and execution phase. The second stage appears to handle anti-sandbox checks and network configuration before loading the final component of the infostealer.<\/p>\n\n\n\n<p>The infostealer\u2019s code resides in the third stage of the assembly. 
PureLogs collects the following information:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Browsing data<\/li>\n\n\n\n<li>Extensions from Chrome, Edge, and Opera<\/li>\n\n\n\n<li>Cryptocurrency wallet applications<\/li>\n\n\n\n<li>Desktop applications<\/li>\n\n\n\n<li>Information about the victim's device<\/li>\n<\/ul>\n\n\n\n<p>PureLogs can extract folders, files by extension, or files by name and location. It is also capable of downloading and executing additional payloads from an external URL.<\/p>\n\n\n\n<p>During setup, PureLogs users have the option to transmit exfiltrated data via Telegram. Telegram messages from the PureLogs panel include details about the victim, the amount of data stolen, the captured screenshot, and the complete log file available for download.<\/p>\n\n\n\n<p>Therefore, for companies to defend themselves against this emerging threat, security teams must have immediate access to detailed threat intelligence.<\/p>\n\n\n\n<p>The article\u00a0<a href=\"https:\/\/cybersecuritynews.com\/purelogs-chrome-browser\/\">PureLogs, Low Cost Infostealer Attacking Chrome Browser<\/a>\u00a0appeared originally on\u00a0<a href=\"https:\/\/cybersecuritynews.com\/\">Cyber Security News<\/a>.<\/p>","protected":false},"excerpt":{"rendered":"<p>PureLogs is a recent, inexpensive, and easy-to-use infostealer capable of stealing information from the Chrome browser, making it a serious threat even in the hands of less experienced 
attackers.<\/p>","protected":false},"author":1,"featured_media":551,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"single-with-sidebar","format":"standard","meta":{"footnotes":""},"categories":[17],"tags":[39],"class_list":["post-1","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","tag-homepage"],"_links":{"self":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts\/1","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/comments?post=1"}],"version-history":[{"count":10,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts\/1\/revisions"}],"predecessor-version":[{"id":879,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/posts\/1\/revisions\/879"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/media\/551"}],"wp:attachment":[{"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/media?parent=1"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/categories?post=1"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/inforb.ro\/en\/wp-json\/wp\/v2\/tags?post=1"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}