Find notable cyber news and cases, enriched with sources, timelines, and signals.

DEEP#DOOR Python backdoor framework

Malware Activity
First reported
Last updated
Happening score
H score 28
1 unique sources, 1 articles

Summary

Hide ▲

DEEP#DOOR is a newly disclosed Python-based backdoor framework that can keep persistent access to compromised Windows hosts while stealing browser, SSH, and cloud credentials. The malware uses install_obf.bat to disable security controls, extract svc.py, and plant persistence through Startup scripts, registry Run keys, scheduled tasks, and optional WMI subscriptions. It then connects to bore[.]pub for C2, enabling remote command execution, surveillance, and multiple anti-analysis evasion techniques. Researchers say the activity appears limited and somewhat targeted, but the framework is built for long-term post-exploitation use.

Related Happenings

GigaWiper / BLUERABBIT destructive Windows backdoor activity

Malware Activity
H score31 First: 09.07.2026 21:08 Last: 09.07.2026 21:08 Sources 1

About this happening: The **GigaWiper / BLUERABBIT** malware activity now combines **disk wiping**, **fake ransomware**, and **spyware backdoor** functions on **Windows**, increasing the chance that on...

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
H score16 First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

Open-OSS/privacy-filter Hugging Face infostealer activity

Malware Activity
H score69 First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...

LofyGang Minecraft LofyStealer campaign

Campaign
H score38 First: 28.04.2026 20:39 Last: 28.04.2026 20:39 Sources 1

About this happening: The **LofyGang** crew has re-emerged with a **Minecraft-player targeting** operation that uses **LofyStealer (GrabBot)**, increasing the risk of **credential and payment-data thef...

SilentGlass launch as a monitor-connection protection security device

Security Tool/Service
H score46 First: 22.04.2026 18:00 Last: 22.04.2026 18:00 Sources 1

About this happening: The **UK National Cyber Security Centre** has released **SilentGlass**, a plug-and-play device that blocks unexpected or malicious signals between **HDMI** or **display port** con...

Timeline

  1. 30.04.2026 15:36 2 articles · 2mo ago

    Securonix discloses DEEP#DOOR Python backdoor framework

    Initial Disclosure

    Securonix disclosed DEEP#DOOR, a Python-based backdoor framework for Windows that uses install_obf.bat to disable security controls, extract svc.py, establish persistence through Startup folder scripts, registry Run keys, scheduled tasks, and optional WMI subscriptions, and connect to bore[.]pub for tunneling-based command-and-control. The framework supports remote command execution, keylogging, clipboard monitoring, screenshot capture, webcam access, ambient audio recording, browser credential theft, SSH key extraction, and cloud credential theft from Amazon Web Services, Google Cloud, and Microsoft Azure, while using anti-analysis and defense-evasion techniques such as sandbox, debugger, and VM detection, AMSI and ETW patching, NTDLL unhooking, Microsoft Defender tampering, SmartScreen bypass, PowerShell logging suppression, command-line wiping, timestamp stomping, and log clearing.

    Show sources