Close Menu
    What's Hot

    The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials

    Gay-Themed Mediterranean Cruise Turned Away From Turkey and Then Egypt

    New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

    Facebook X (Twitter) Instagram
    Trending
    • The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials
    • Gay-Themed Mediterranean Cruise Turned Away From Turkey and Then Egypt
    • New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password
    • What is a micro cap IPO, and why are they disappearing from the stock market?
    • Tourist Helicopter Struck Geese Before Crashing in Hudson River, Documents Show
    • Opinion | Lionel Messi Is Walking Into History
    • Ukrainians Protest Zelensky’s Cabinet Reshuffle, Firing of Defense Minister
    • Delightful World Cup Stories – The New York Times
    interluknewsinterluknews
    • Home
    • Business
      • Corporate News
      • Industry Insights
      • Startups & Entrepreneurship
      • Technology & Innovation
    • Economy
      • Economic Policy
      • Financial Analysis
      • Inflation & Interest Rates
      • Trade & Markets
    • Global
      • Conflicts & Security
      • Diplomacy
      • Global Trends
      • International Affairs
    • Lifestyle
      • Fashion
      • Food & Dining
      • Personal Development
      • Travel
    • Opinion
      • Columns
      • Editorials
      • Expert Opinions
      • Reader Voices
    • More
      • Politics
        • Elections
        • Government & Policy
        • International Relations
        • Political Analysis
      • Sports
        • Cricket
        • Football / Soccer
        • International Sports
        • Local Sports
      • Technology
        • Artificial Intelligence
        • Cybersecurity
        • Gadgets & Reviews
        • Tech News
      • South Africa News
    Facebook X (Twitter) Instagram
    interluknewsinterluknews
    Cybersecurity

    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

    adminBy adminApril 30, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest Copy Link Telegram LinkedIn Tumblr Email
    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials
    Share
    Facebook Twitter LinkedIn Pinterest Email

    Ravie LakshmananApr 30, 2026Cloud Security / Threat Intelligence

    New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials

    Cybersecurity researchers have disclosed details of a stealthy Python-based backdoor framework called DEEP#DOOR that comes with capabilities to establish persistent access and harvest a wide range of sensitive information from compromised hosts.

    “The intrusion chain begins with execution of a batch script (‘install_obf.bat’) that disables Windows security controls, dynamically extracts an embedded Python payload (‘svc.py’), and establishes persistence through multiple mechanisms including Startup folder scripts, registry Run keys, scheduled tasks, and optional WMI subscriptions,” Securonix researchers Akshay Gaikwad, Shikha Sangwan, and Aaron Beardslee said in a report shared with The Hacker News.

    It’s assessed that the batch script is distributed via traditional approaches like phishing. It’s currently not known how widespread attacks distributing the malware are, and if any of those infections have been successful.

    Cybersecurity

    What makes the attack chain noteworthy is that the core Python implant is embedded directly inside the dropper script, from where it’s extracted, reconstructed, and executed. This reduces the need for repeatedly having to reach out to external infrastructure and minimizes the forensic footprint. 

    Once launched, the malware establishes communication with “bore[.]pub,” a Rust-based tunneling service, allowing the operator to issue commands that facilitate remote command execution and extensive surveillance. This includes –

    • Reverse shell
    • System reconnaissance
    • Keylogging
    • Clipboard monitoring
    • Screenshot capture
    • Webcam access
    • Ambient audio recording
    • Web browser credential harvesting
    • SSH key extraction
    • Credentials stored in Google Chrome, Mozilla Firefox, and Windows Credential Manager
    • Cloud credential theft (Amazon Web Services, Google Cloud, and Microsoft Azure)

    The use of public TCP tunneling service for command-and-control (C2) offers several advantages in that it eliminates the need for setting up dedicated infrastructure, blends malicious traffic, and avoids embedding details of the server within the payload.

    In parallel, DEEP#DOOR incorporates a bevy of anti-analysis and defense evasion mechanisms, such as sandbox, debugger, and virtual machine (VM) detection, AMSI and Event Tracing for Windows (ETW) patching, NTDLL unhooking, Microsoft Defender tampering, SmartScreen bypass, PowerShell logging suppression, command-line wiping, timestamp stomping, and log clearing, to fly under the radar and complicate incident response efforts. 

    Cybersecurity

    It also employs multiple persistence mechanisms that involve creating Windows Startup folder scripts, Registry Run keys, and scheduled tasks, while also relying on a watchdog mechanism to make sure the persistence artifacts have not been removed, and if so, automatically recreate them, making remediation challenging.

    “The resulting implant operates as a fully featured Remote Access Trojan (RAT) capable of long-term persistence, espionage, lateral movement, and post-exploitation operations within compromised environments,” Securonix said. “The implant prioritizes evading detection and forensic visibility by directly tampering with Windows security and telemetry mechanisms.”

    “DEEP#DOOR highlights the continued evolution of threat actors toward fileless, script-driven intrusion frameworks that rely heavily on native system components and interpreted languages like Python. By embedding the payload directly within the dropper and extracting it at runtime, the malware significantly reduces external dependencies and limits traditional detection opportunities.”

    Backdoor Browser Cloud Credentials Python service steal Tunneling
    Follow on Google News Follow on Flipboard
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email Copy Link
    Previous Articleyou and the ANC are to blame for violent crime – The Mail & Guardian
    Next Article Spotify’s New Verification Badge Shows That Music Is Not AI-Generated
    admin
    • Website

    Related Posts

    The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials

    July 16, 2026

    New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

    July 16, 2026

    Two Scattered Spider Hackers Get 5.5 Years Each for £29 Million TfL Hack

    July 16, 2026
    Leave A Reply Cancel Reply

    Demo
    Latest Posts

    The agent security gap: 54% of enterprises have already had an AI agent incident, and most still let agents share credentials

    Gay-Themed Mediterranean Cruise Turned Away From Turkey and Then Egypt

    New ClickLock macOS Stealer Kills Apps Every 210ms Until Victims Type Their Password

    What is a micro cap IPO, and why are they disappearing from the stock market?

    Latest Posts

    Subscribe to News

    Get the latest sports news from NewsSite about world, sports and politics.

    Advertisement
    Demo

    We are a digital news platform delivering timely, accurate, and insightful coverage of politics, global affairs, business, economy, sports, and more. Our mission is to keep readers informed with reliable news, clear analysis, and stories that truly matter.
    We're social. Connect with us:

    Facebook X (Twitter) Instagram Pinterest YouTube

    Subscribe to Updates

    Get the latest creative news from FooBar about art, design and business.

    Type above and press Enter to search. Press Esc to cancel.

    Powered by
    ...
    ►
    Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
    None
    ►
    Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
    None
    ►
    Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
    None
    ►
    Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
    None
    ►
    Unclassified cookies are cookies that we are in the process of classifying, together with the providers of individual cookies.
    None
    Powered by