
DEEP#DOOR Python backdoor framework

Malware Activity
Happening score: 16
1 unique source, 1 article

Summary


DEEP#DOOR is a newly disclosed Python-based backdoor framework that can keep persistent access to compromised Windows hosts while stealing browser, SSH, and cloud credentials. The malware uses install_obf.bat to disable security controls, extract svc.py, and plant persistence through Startup scripts, registry Run keys, scheduled tasks, and optional WMI subscriptions. It then connects to bore[.]pub for C2, enabling remote command execution, surveillance, and multiple anti-analysis evasion techniques. Researchers say the activity appears limited and somewhat targeted, but the framework is built for long-term post-exploitation use.

Related Happenings

ModeloRAT malicious PowerShell and Dropbox delivery activity

Malware Activity
First: 14.05.2026 15:12 Last: 14.05.2026 15:12 Sources 1

About this happening: The **ModeloRAT** activity now uses a **malicious PowerShell command** and a **Dropbox ZIP payload** to gain persistent footholds, enabling **system reconnaissance**, **screenshot...

Open-OSS/privacy-filter Hugging Face infostealer activity

Malware Activity
First: 11.05.2026 10:05 Last: 11.05.2026 10:05 Sources 1

About this happening: A malicious **Hugging Face repository** called **Open-OSS/privacy-filter** impersonated **OpenAI's Privacy Filter** and delivered a **Rust-based information stealer** to **Windows...

LofyGang Minecraft LofyStealer campaign

Campaign
First: 28.04.2026 20:39 Last: 28.04.2026 20:39 Sources 1

About this happening: The **LofyGang** crew has re-emerged with a **Minecraft-player targeting** operation that uses **LofyStealer (GrabBot)**, increasing the risk of **credential and payment-data thef...

SilentGlass launch as a monitor-connection protection security device

Security Tool/Service
First: 22.04.2026 18:00 Last: 22.04.2026 18:00 Sources 1

About this happening: The **UK National Cyber Security Centre** has released **SilentGlass**, a plug-and-play device that blocks unexpected or malicious signals between **HDMI** or **display port** con...

DRILLAPP JavaScript backdoor through Microsoft Edge

Malware Activity
First: 16.03.2026 11:07 Last: 16.03.2026 11:07 Sources 1

About this happening: Observed in **February 2026**, the **DRILLAPP** backdoor now runs through **Microsoft Edge**, giving it **file access** plus access to the **microphone**, **webcam**, and **screen...

Timeline

  1. 30.04.2026 15:36 2 articles · 27d ago

    Securonix discloses DEEP#DOOR Python backdoor framework

    Initial Disclosure

    Securonix disclosed DEEP#DOOR, a Python-based backdoor framework for Windows that uses install_obf.bat to disable security controls, extract svc.py, establish persistence through Startup folder scripts, registry Run keys, scheduled tasks, and optional WMI subscriptions, and connect to bore[.]pub for tunneling-based command-and-control. The framework supports remote command execution, keylogging, clipboard monitoring, screenshot capture, webcam access, ambient audio recording, browser credential theft, SSH key extraction, and cloud credential theft from Amazon Web Services, Google Cloud, and Microsoft Azure, while using anti-analysis and defense-evasion techniques such as sandbox, debugger, and VM detection, AMSI and ETW patching, NTDLL unhooking, Microsoft Defender tampering, SmartScreen bypass, PowerShell logging suppression, command-line wiping, timestamp stomping, and log clearing.
