New phishing campaign uses TXZ archive and hidden PNG images to drop PureLogs infostealer via PawsRunner steganography, targeting browser and crypto wallet
A phishing email with a fake invoice attachment delivers a TXZ archive that hides a JavaScript loader, which then launches a headless PowerShell process to decrypt and run the .NET PawsRunner loader entirely in memory [1]. PawsRunner contacts a remote server, fetches a PNG image that appears to be a cat picture, and extracts encrypted data embedded in the image’s iTXt and IEND chunks using steganography; the extracted payload is the PureLogs .NET infostealer [2].
The loader creates several environment variables, decodes an AES‑encrypted payload, and executes it via .NET reflection without writing files to disk, leaving only a hidden PowerShell window and a conhost.exe process as visible artifacts [1]. Once active, PureLogs immediately begins harvesting credentials from more than 80 browsers, password managers, and cryptocurrency wallet extensions such as MetaMask and Trust Wallet, then sends the data to a command‑and‑control server over HTTPS with additional AES‑256 encryption [1][2].
Researchers note that the campaign includes fallback URLs for the PNG download and rotates between three network APIs and user-agent strings to evade detection, while also disguising the malicious executable with cat icons so that it appears benign [2]. Mitigation guidance advises blocking TXZ attachments, monitoring for hidden conhost.exe processes and PowerShell `-w` flags, deploying signatures for both PawsRunner and PureLogs, and applying steganography detection to inbound images [2].
The use of steganography to embed the final payload and the fileless, memory‑only execution chain raise the bar for traditional endpoint defenses, prompting security teams to consider deeper inspection of seemingly innocuous image files and tighter outbound traffic controls. The open question is how quickly defenders can adapt detection tooling to spot these layered, encrypted stages before the stolen credentials are exfiltrated.
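A minimal version of the image inspection suggested in the mitigation guidance, as an added example that is not taken from the cited reports: it walks a PNG's chunks and flags oversized or high-entropy iTXt chunks, a non-empty IEND chunk, and bytes trailing IEND. The thresholds, function names and both sample images are assumptions constructed for illustration.

```python
import math
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
ITXT_MAX = 4096      # assumed threshold: genuine iTXt metadata is usually small
ENTROPY_MIN = 7.5    # assumed threshold (bits/byte) for encrypted-looking data

def entropy(data):
    """Shannon entropy of a byte string, in bits per byte."""
    n = len(data)
    counts = [data.count(b) for b in set(data)]
    return -sum(c / n * math.log2(c / n) for c in counts)

def chunk(ctype, body=b""):
    """Build one PNG chunk (used only for the constructed samples below)."""
    crc = zlib.crc32(ctype + body)
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def inspect_png(blob):
    """Return a list of findings; an empty list means nothing anomalous."""
    if not blob.startswith(PNG_SIG):
        return ["not a PNG"]
    findings, pos = [], len(PNG_SIG)
    while pos + 12 <= len(blob):
        length, ctype = struct.unpack(">I4s", blob[pos:pos + 8])
        end = pos + 12 + length          # 4 length + 4 type + body + 4 CRC
        if end > len(blob):
            return findings + [f"truncated {ctype!r} chunk"]
        body = blob[pos + 8:pos + 8 + length]
        if ctype == b"iTXt" and (length > ITXT_MAX or
                (length >= 512 and entropy(body) >= ENTROPY_MIN)):
            findings.append(f"suspicious iTXt chunk ({length} bytes)")
        if ctype == b"IEND":             # a valid IEND chunk has an empty body
            if length:
                findings.append(f"IEND chunk carries {length} bytes")
            if end < len(blob):
                findings.append(f"{len(blob) - end} bytes after IEND")
            return findings
        pos = end
    return findings + ["no IEND chunk"]

# Constructed samples: a clean 1x1 PNG and one with data in iTXt and IEND.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
HEAD = PNG_SIG + IHDR + chunk(b"IDAT", zlib.compress(b"\x00\x00"))
CLEAN = HEAD + chunk(b"iTXt", b"Comment\x00\x00\x00\x00\x00a cat") + chunk(b"IEND")
BLOB = bytes(range(256)) * 4             # stands in for encrypted data
STEGO = HEAD + chunk(b"iTXt", b"k\x00\x00\x00\x00\x00" + BLOB) + chunk(b"IEND", BLOB[:32])
if __name__ == "__main__":
    print(inspect_png(CLEAN), inspect_png(STEGO))
```

Base64 or otherwise encoded payloads lower the entropy figure, so the size and IEND checks matter more than the entropy check alone.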
AI-assisted synthesis by the TrendWatcher Editorial Desk · sourced from 2 outlets · Jun 16, 2026