Attackers are using copyright-infringement notices as lures in a fileless phishing campaign that targets a wide range of businesses and delivers data-stealing malware. Trend Micro released a report on Monday saying that the attack, which has hit organizations in critical sectors such as healthcare, government, hospitality, and education, attempts to install PureLog Stealer, an inexpensive infostealer thought to be easy for would-be criminals to use.
The campaign's main targets have been healthcare and government organizations in Germany and Canada, which Trend Micro threat researchers Mohamed Fahmy, Allixon Kristoffer Francisco, and Jonna Santos wrote in the post shows "selective victimology and a structured, evasive delivery framework rather than simple mass malware distribution." Organizations in the US and Australia were also hit.
For initial access, attackers send phishing emails, written in the victim's native language and pressing for immediate action, that lure the victim into downloading a malicious executable.

## Defend Early and Often

Phishing campaigns are growing more sophisticated through targeted social engineering and advanced evasion techniques, against a backdrop of geopolitical tension and an ongoing war.
It is more important than ever, especially for businesses in critical industries, to stay alert to attacks of every kind. Trend Micro said the PureLog campaign's evasion and obfuscation techniques, together with the malware's ability to run in memory, underscore the importance of behavioral detection, network telemetry, and proactive threat hunting.
"Overall, this activity reflects a shift away from broad, opportunistic malware distribution toward more selective targeting, with observed victims in government, healthcare, education, and hospitality sectors across multiple countries," the researchers wrote. To avoid compromise, companies can set up mail filters that flag or sandbox messages containing legal threats or attachments, and train users to treat any unexpected legal or financial claim that lands in their inbox as high risk.
Further down the attack chain, defenders can block script and loader execution by disabling or tightly controlling unauthorized Python execution on endpoints, using application allowlisting so that only approved scripts and binaries run, and monitoring for suspicious use of legitimate tools.
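As an added example of the endpoint-side control just described (this is not code from Trend Micro's report or from the campaign itself), the script below hunts process-creation telemetry for Python interpreter launches that fall outside an allowlist. The field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine, ProcessId); the approved interpreter paths, the list of parent processes that should never spawn an interpreter, the user-writable path patterns, and the sample events are all assumptions constructed for the demo rather than indicators from the article.

```python
"""Hunt process-creation telemetry for Python interpreter launches that fall outside
an allowlist. Added example, not code from Trend Micro's report or the PureLog
campaign. Field names follow Sysmon Event ID 1 (Image, ParentImage, CommandLine,
ProcessId); the allowlist, parent-process list, path patterns and sample events
are assumptions constructed for this demo.
"""
import fnmatch
import json
import re
from pathlib import PureWindowsPath

# Assumption: interpreter locations the organization has approved (allowlist by full path).
ALLOWED_PYTHON_PATHS = {
    r"c:\program files\python311\python.exe",
    r"c:\program files\python311\pythonw.exe",
}

# Interpreter binary names this hunt cares about.
PYTHON_NAMES = {"python.exe", "pythonw.exe", "python3.exe"}

# Assumption: parents that should not be launching an interpreter (mail clients, archive managers).
SUSPICIOUS_PARENTS = {"outlook.exe", "thunderbird.exe", "winrar.exe", "7zfm.exe"}

# Assumption: user-writable locations; an interpreter or script living here is unusual on a managed host.
USER_WRITABLE_PATTERNS = [
    r"c:\users\*\appdata\*",
    r"c:\users\*\downloads\*",
    r"c:\users\*\desktop\*",
    r"c:\windows\temp\*",
]

SCRIPT_ARG = re.compile(r'([A-Za-z]:\\[^"\s]+\.py)\b', re.IGNORECASE)  # absolute .py path on the command line
INLINE_CODE = re.compile(r"(^|\s)-c\s")  # python -c "...": code passed inline, nothing on disk to inspect


def _basename(path: str) -> str:
    return PureWindowsPath(path).name.lower()


def _in_user_writable(path: str) -> bool:
    p = path.lower()
    return any(fnmatch.fnmatchcase(p, pat) for pat in USER_WRITABLE_PATTERNS)


def assess(event: dict) -> list[str]:
    """Return findings for one process-creation event; an empty list means no concern."""
    image = event.get("Image", "")
    if _basename(image) not in PYTHON_NAMES:
        return []  # only interpreter launches are in scope for this hunt
    findings = []
    if image.lower() not in ALLOWED_PYTHON_PATHS:
        findings.append("python_outside_allowlist")
    if _in_user_writable(image):
        findings.append("interpreter_in_user_writable_dir")
    parent = _basename(event.get("ParentImage", ""))
    if parent in SUSPICIOUS_PARENTS:
        findings.append(f"spawned_by_{parent}")
    cmd = event.get("CommandLine", "")
    if INLINE_CODE.search(cmd):
        findings.append("inline_code_via_-c")
    m = SCRIPT_ARG.search(cmd)
    if m and _in_user_writable(m.group(1)):
        findings.append("script_in_user_writable_dir")
    return findings


def hunt(jsonl: str) -> dict[int, list[str]]:
    """Run assess() over JSON-lines telemetry; map ProcessId -> findings for flagged events only."""
    flagged = {}
    for line in jsonl.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        findings = assess(ev)
        if findings:
            flagged[ev["ProcessId"]] = findings
    return flagged


# Constructed sample telemetry (not real campaign data): a benign build run, an interpreter
# copied into a temp directory and fed inline code, an attachment script launched from a mail
# client, and an unrelated process.
SAMPLE_EVENTS = r"""
{"ProcessId": 1001, "Image": "C:\\Program Files\\Python311\\python.exe", "ParentImage": "C:\\Windows\\System32\\cmd.exe", "CommandLine": "python.exe build.py"}
{"ProcessId": 1002, "Image": "C:\\Users\\alice\\AppData\\Local\\Temp\\rt\\python.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "python.exe -c \"exec(__import__('base64').b64decode(BLOB))\""}
{"ProcessId": 1003, "Image": "C:\\Program Files\\Python311\\pythonw.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE", "CommandLine": "\"C:\\Program Files\\Python311\\pythonw.exe\" \"C:\\Users\\alice\\Downloads\\notice.py\""}
{"ProcessId": 1004, "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe"}
"""

if __name__ == "__main__":
    for pid, findings in hunt(SAMPLE_EVENTS).items():
        print(pid, findings)
```

The allowlist check alone catches an interpreter dropped into a temp directory; the parent and command-line checks are what catch the harder case, an approved interpreter misused from a mail client or with inline code, which is the gap that "fileless" execution in memory exploits. On a real fleet, feed the function from your EDR or Sysmon export rather than the embedded sample, and tune USER_WRITABLE_PATTERNS and ALLOWED_PYTHON_PATHS to your own image.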
