VMTech · Instagram

DEEP#DOOR: Python backdoor via public tunnel steals browser and cloud credentials

Colleagues, note that a Python backdoor, DEEP#DOOR, has been identified.

Brief:
- Infection: a batch dropper extracts an embedded Python implant and establishes persistence.
- C2 via public tunnel (bore.pub): remote shell, keylogger, screenshots, webcam capture, exfiltration of browser and cloud credentials.
- Active defense evasion (AMSI/ETW patches, Defender interference, VM/sandbox checks) and a watchdog for artifact recovery.

Why it matters: fileless components and a public tunnel hinder detection and remediation, increasing compromise risk.

Recommendations: audit Startup entries, Registry Run keys, Scheduled Tasks; rotate credentials; restrict access to public tunnels.
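One way to carry out the first recommendation, as an added PowerShell example that is not part of the original post: it enumerates the three persistence locations named above and flags entries whose command matches the traits described in the brief (a batch launcher, a Python interpreter, a bore.pub reference). The pattern list is an assumption to tune for your environment; run it in an elevated shell.

```powershell
# Added example, not from the original post. Patterns are an assumption based on
# the brief above (batch dropper, Python implant, bore.pub tunnel); adjust as needed.
$suspect = 'python|pythonw|\.bat|\.cmd|bore\.pub'
$hits = @()

# 1. Registry Run / RunOnce keys (machine-wide and current user)
$runKeys = @(
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
  'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
  if (-not (Test-Path $key)) { continue }
  $props = Get-ItemProperty -Path $key
  foreach ($p in $props.PSObject.Properties) {
    if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSParentPath, ...)
    if ("$($p.Value)" -match $suspect) {
      $hits += [pscustomobject]@{ Source = $key; Name = $p.Name; Command = "$($p.Value)" }
    }
  }
}

# 2. Startup folders (per-user and all-users)
$startupDirs = @(
  [Environment]::GetFolderPath('Startup'),
  [Environment]::GetFolderPath('CommonStartup')
)
foreach ($dir in $startupDirs) {
  Get-ChildItem -Path $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
    if ($_.Name -match $suspect) {
      $hits += [pscustomobject]@{ Source = $dir; Name = $_.Name; Command = $_.FullName }
    }
  }
}

# 3. Scheduled tasks whose action launches a matching program or argument
foreach ($task in Get-ScheduledTask) {
  foreach ($a in $task.Actions) {
    $cmd = "$($a.Execute) $($a.Arguments)"
    if ($cmd -match $suspect) {
      $hits += [pscustomobject]@{ Source = "Task $($task.TaskPath)"; Name = $task.TaskName; Command = $cmd }
    }
  }
}

# Review every hit manually: legitimate Python tooling and batch scripts will also match.
$hits | Format-Table -AutoSize
```

Treat the output as a triage list, not a verdict; compare each hit against known-good software inventory before removing anything, and rotate credentials for any host where a hit is confirmed.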

Which measures do you apply in similar incidents?
#cybersecurity #incidentresponse #RAT #cloudsecurity
