A new phishing campaign is distributing the PureLogs infostealer by hiding malicious payloads inside cat images to bypass security detection systems.
A phishing campaign is currently distributing the PureLogs information stealer by concealing encrypted malicious payloads within image files, a technique known as steganography [1]. Researchers at Fortinet discovered that the attackers are using cat photos to smuggle the malware onto Windows systems, allowing the malicious traffic to blend in with legitimate network activity [1].
Key takeaways
The infection process initiates when a victim opens a TXZ archive attached to a phishing email [1]. Once extracted, a JavaScript file executes, using obfuscated process environment variables to launch a hidden PowerShell session [1]. This session is responsible for decoding and decompressing a .NET assembly loader identified as PawsRunner [1].
PawsRunner decrypts a download URL with the RC4 algorithm and then fetches a PNG image file [1]. Using steganography, the attackers embed the final PureLogs payload within the image, a method that is increasingly popular because it avoids the scrutiny often applied to direct executable downloads [1]. Once the payload is extracted, the malware bypasses Windows 11 security features and Event Tracing for Windows to establish its presence on the host machine [1].
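As an added example (not code from the Fortinet report or from this article), a Python triage check for the image-as-carrier tactic described above: it walks a PNG's chunk list and flags bytes appended after IEND, oversized ancillary chunks and CRC mismatches, three cheap indicators that a "picture" fetched by a script is carrying more than pixels. The sample image, the 4 KB threshold and the helper names are constructed for the demo and are not taken from the campaign.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def inspect_png(data, max_ancillary=4096):
    """Triage a PNG for signs of an embedded payload: trailing bytes after IEND,
    oversized ancillary chunks and CRC mismatches. Does not decode any stego scheme."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    sizes, bad_crc, findings, pos, end = {}, [], [], len(PNG_SIG), None
    while pos + 12 <= len(data) and end is None:
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):
            findings.append(f"chunk {ctype!r} runs past end of file (truncated)")
            break
        body = data[pos + 8:pos + 8 + length]
        crc, = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        name = ctype.decode("latin-1")
        if zlib.crc32(ctype + body) & 0xFFFFFFFF != crc:
            bad_crc.append(name)
        sizes[name] = sizes.get(name, 0) + length
        pos += 12 + length
        if ctype == b"IEND":
            end = pos  # everything past here is not part of the image
    if end is None:
        findings.append("no IEND chunk reached: malformed or truncated")
    trailing = len(data) - end if end is not None else 0
    if trailing:
        findings.append(f"{trailing} bytes appended after IEND")
    for name, size in sizes.items():
        # Ancillary chunks start lowercase; a huge one (tEXt, zTXt, ...) is a classic hiding spot.
        if name[0].islower() and size > max_ancillary:
            findings.append(f"oversized ancillary chunk {name}: {size} bytes")
    if bad_crc:
        findings.append("CRC mismatch in: " + ", ".join(bad_crc))
    return {"chunks": sizes, "trailing": trailing, "bad_crc": bad_crc, "findings": findings}

def _chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def make_sample_png(after_iend=b"", text=b""):
    """Constructed 1x1 RGB image for testing, not a sample from the campaign."""
    chunks = [_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 2, 0, 0, 0))]
    if text:
        chunks.append(_chunk(b"tEXt", b"Comment\x00" + text))
    chunks += [_chunk(b"IDAT", zlib.compress(b"\x00\xff\xff\xff")), _chunk(b"IEND", b"")]
    return PNG_SIG + b"".join(chunks) + after_iend
```

A clean image yields no findings; run it over images written to disk by script or PowerShell processes, where a hit is worth a closer look rather than a verdict on its own.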
Once active, PureLogs profiles the compromised system to harvest sensitive information [1]. The infostealer targets a wide array of software, including over 100 crypto wallet extensions, various password managers, and communication platforms such as Telegram, Discord, and Signal [1]. It also extracts data from common desktop applications like Steam, FileZilla, and Outlook [1].
The stolen data is encrypted using AES before being exfiltrated to the attackers [1]. According to the researchers, this information can be used for direct financial theft or sold on criminal markets, potentially facilitating further attacks against the victim’s employer or personal contacts [1].
The use of steganography represents a deliberate shift in tactics designed to make malicious downloads appear as benign network traffic [1]. Because PNG files fetched over HTTPS are less likely to trigger security alerts than traditional executables, this method poses a significant challenge for standard endpoint protection [1]. Security experts advise organizations to block uncommon archive formats at email gateways, restrict JavaScript execution from attachments, and monitor for unusual PowerShell behavior to mitigate the risk of such campaigns [1].
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 1, 2026