Alert: Fake Legal Notices Used to Steal Data

A new legal notice phishing campaign 2026 is currently hitting the healthcare, government, and education sectors. Attackers use high-pressure tactics to trick employees into downloading malware disguised as urgent documents.

How the Trap Works

The attack starts with fake copyright violation notices sent via email. These messages mimic official warnings to create a sense of urgency, leading the victim toward a malicious legal document download.

1. The Hook: An email claims you used copyrighted images illegally.
2. The Trap: A link to "view evidence" looks like a PDF but is actually a script.
3. The Payload: It executes the PureLog infostealer directly in the system's memory.

According to devs.com.pt recently reported data, the malware bypasses traditional antivirus by running in-memory, making it nearly invisible to basic scanners. Once inside, it harvests browser credentials, crypto wallets, and system screenshots.

Stealth and Risks

What makes this threat dangerous is "fileless" execution. This level of technical complexity is a major topic at current IT conferences, as attackers use code obfuscation to hide their tracks and remain persistent within the network.

Protecting Your Organization

Expert IT news suggest that simple email filters are no longer enough. Modern security strategies now recommend a multi-layered defense:

• EDR/XDR Solutions: Tools that monitor suspicious activity in real-time.
• User Training: Teaching staff to be skeptical of unexpected legal threats.
• Network Monitoring: Watching for unauthorized data being sent to unknown servers.