
🔫 PureRAT Campaign Embeds Fileless Payloads in PNG Files


Sources
1 verified
Updated
Tuesday, 21 April 2026 at 11:25 UTC
Synthesis · 1 source
Trellix Advanced Research Center has identified a sophisticated PureRAT operation that conceals malicious PE files within PNG images using steganography. The multi-stage attack chain begins with a malicious .LNK file triggering obfuscated VBScript, which establishes persistence via Windows Task Scheduler and downloads weaponized PNG files from crixup[.]com. The campaign demonstrates advanced evasion through UAC bypass via cmstp.exe, anti-VM checks, and process hollowing into legitimate msbuild.exe. According to Trellix researchers, the fileless execution technique combined with living-off-the-land binaries renders traditional endpoint defenses largely ineffective.

🛰️ Open sources - closed narratives @sitreports