Clandestine Deep#Door stealer facilitates long-term data compromise

May 1, 2026
By SC Staff

Infosecurity Magazine reports that Windows systems are being stealthily targeted for protracted surveillance and credential exfiltration with the new Python-based Deep#Door backdoor framework.

Attacks begin with the execution of an obfuscated batch file that deactivates Windows security controls before extracting an embedded Python payload. Persistence is achieved through registry run keys, scheduled tasks, and startup folder entries, according to findings from a Securonix analysis.

The loader performs self-referential parsing that simulates fileless execution before delivering the backdoor, which communicates with attacker infrastructure using a public TCP tunneling service. The backdoor then proceeds with keylogging, browser credential theft, screenshot capturing, and microphone recording, as well as siphoning SSH keys and cloud authentication tokens for lateral movement.

Deep#Door was also observed to enable boot record overwrites and system crashes, indicating that it serves both espionage and disruption purposes. Discovery of a Deep#Door compromise has also been complicated by its checks for virtual machines, debugging tools, and sandbox environments, as well as its Windows telemetry system patching capabilities.