A new malware campaign is going after businesses in the healthcare, government, education, and hospitality sectors. It uses cleverly disguised copyright violation notices to spread PureLog Stealer, a powerful information-stealing malware.
The campaign, which was first examined in March 2026, tricks people into running a malicious file that looks like a real legal document. When the file is opened, it starts a quiet but complicated chain of events that ends with sensitive data being stolen from the victim's machine. PureLog Stealer is an infostealer that steals browser credentials, cryptocurrency wallet data, browser extension data, and general system information.
It is a low-cost, easy-to-use tool, which means that even low-skilled attackers can use it.
Lastly, two identical .NET loader files decrypt and load PureLog Stealer directly into memory, leaving no files on disk for antivirus tools to find. Trend Micro says that PureLog Stealer spreads through email. Companies should train their employees to be careful with unexpected emails that accuse them of violating copyright, especially if those emails contain download links.
Security teams should monitor registry Run keys for strange entries, look for Python or WinRAR processes running from unusual directory paths, and block connections to known malicious domains. Behavioral detection tools and network telemetry are very important because this campaign runs filelessly, so traditional signature-based antivirus might not detect it at all.
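The monitoring advice above, as an added example (not code from Trend Micro or the original article): a triage function over Sysmon-style process-creation (Event ID 1) and registry-value-set (Event ID 13) records. The directory allowlist, the user-writable path pattern, the extra binary names (`pythonw.exe`, `rar.exe`), and every sample event are constructed assumptions.

```python
import ntpath
import re

# Assumption: directories where these binaries are normally installed.
EXPECTED_DIRS = (r"c:\program files", r"c:\program files (x86)", r"c:\windows")
# Python and WinRAR binaries (the page names the tools; exact names assumed).
WATCHED_IMAGES = {"python.exe", "pythonw.exe", "winrar.exe", "rar.exe"}
RUN_KEY = re.compile(
    r"\\software\\microsoft\\windows\\currentversion\\run(once)?\\", re.I)
# Assumption: user-writable locations that are unusual autostart targets.
USER_WRITABLE = re.compile(r"\\(appdata|temp|downloads|public)\\", re.I)


def in_expected_dir(path):
    # normpath collapses "..", so traversal cannot fake an expected prefix.
    p = ntpath.normpath(path).lower()
    return any(p.startswith(d + "\\") for d in EXPECTED_DIRS)


def triage(event):
    """Return a finding string for one Sysmon-style event dict, else None."""
    eid = event.get("EventID")
    if eid == 1:  # process creation
        image = event.get("Image", "")
        name = ntpath.basename(image).lower()
        if name in WATCHED_IMAGES and not in_expected_dir(image):
            return f"{name} started from unusual path: {image}"
    elif eid == 13:  # registry value set
        target = event.get("TargetObject", "")
        details = event.get("Details", "")
        if RUN_KEY.search(target) and USER_WRITABLE.search(details):
            return f"Run key entry {target} -> {details}"
    return None


def scan(events):
    return [finding for finding in map(triage, events) if finding]


# Constructed sample events (not indicators from the campaign).
SAMPLE_EVENTS = [
    {"EventID": 1, "Image": r"C:\Program Files\WinRAR\WinRAR.exe"},
    {"EventID": 1, "Image": r"C:\Users\Public\Documents\docs\pythonw.exe"},
    {"EventID": 13,
     "TargetObject": r"HKU\S-1-5-21-0\Software\Microsoft\Windows\CurrentVersion\Run\Viewer",
     "Details": r'"C:\Users\alice\AppData\Local\Temp\viewer\pythonw.exe" loader.py'},
    {"EventID": 13,
     "TargetObject": r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\SecurityHealth",
     "Details": r"%windir%\system32\SecurityHealthSystray.exe"},
]

if __name__ == "__main__":
    print("\n".join(scan(SAMPLE_EVENTS)))
```

Per-user Python installs under `AppData\Local\Programs` will be flagged until they are added to `EXPECTED_DIRS`, so tune the allowlist to the environment before alerting on the output.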












