Clandestine Deep#Door stealer facilitates long-term data compromise

Infosecurity Magazine reports that Windows systems are being stealthily targeted for protracted surveillance and credential exfiltration with the new Python-based Deep#Door backdoor framework. According to a Securonix analysis, attacks begin with the execution of an obfuscated batch file that disables Windows security controls before extracting an embedded Python payload; persistence is then established through registry Run keys, scheduled tasks, and Startup folder entries. The loader parses its own contents (self-referential parsing) to stage the payload in a way that mimics fileless execution, after which it delivers the backdoor.

The backdoor communicates with attacker infrastructure through a public TCP tunneling service, which lets the operators avoid hosting their own exposed command-and-control endpoint. It then performs keylogging, browser credential theft, screenshot capture, and microphone recording, and siphons SSH keys and cloud authentication tokens that can be reused for lateral movement. Deep#Door was also observed to overwrite the boot record and crash the system, indicating that it serves both espionage and disruption purposes.

Discovery of a Deep#Door compromise is further complicated by checks for virtual machines, debugging tools, and sandbox environments, and by the malware's ability to patch Windows telemetry components, which degrades the host-based visibility that defenders depend on.
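Because the report names the three persistence locations the loader uses (Run keys, scheduled tasks, and Startup folders), a defender can sweep them for entries that launch a Python interpreter or a batch file. The script below is an added hunting example written for this page; it is not Securonix's tooling and not an indicator published for this campaign. The `$suspect` pattern is an assumption about what a Deep#Door-style launcher looks like (a `python*.exe`, `.py`/`.pyw`, `.bat`/`.cmd` reference, or `cmd.exe /c`), so expect benign hits from legitimate Python automation and tune it to your environment.

```powershell
# Added example, not from the Securonix or Infosecurity Magazine report.
# Enumerates the three persistence locations the article names and flags
# entries whose command line invokes Python, a batch script, or cmd.exe.
# The pattern is an assumption, not a published IOC for Deep#Door.

$suspect = '(?i)(python(\d+)?w?\.exe|\.pyw?\b|\.bat\b|\.cmd\b|cmd\.exe\s+/c)'
$findings = @()

# 1. Registry Run / RunOnce keys, machine-wide and for the current user.
$runKeys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
foreach ($key in $runKeys) {
    if (-not (Test-Path $key)) { continue }
    $props = Get-ItemProperty -Path $key
    foreach ($p in $props.PSObject.Properties) {
        if ($p.Name -like 'PS*') { continue }   # skip provider metadata (PSPath, PSParentPath, ...)
        if ($p.Value -match $suspect) {
            $findings += [pscustomobject]@{ Source = "Registry:$key"; Name = $p.Name; Command = $p.Value }
        }
    }
}

# 2. Scheduled tasks: inspect every action's executable and arguments.
foreach ($task in Get-ScheduledTask) {
    foreach ($action in $task.Actions) {
        $cmd = "$($action.Execute) $($action.Arguments)"
        if ($cmd -match $suspect) {
            $findings += [pscustomobject]@{ Source = "Task:$($task.TaskPath)"; Name = $task.TaskName; Command = $cmd }
        }
    }
}

# 3. Startup folders (per-user and all-users): resolve .lnk targets, and
#    treat scripts dropped directly into the folder as their own command line.
$startupDirs = @(
    [Environment]::GetFolderPath('Startup'),
    [Environment]::GetFolderPath('CommonStartup')
)
$shell = New-Object -ComObject WScript.Shell
foreach ($dir in $startupDirs) {
    if (-not (Test-Path $dir)) { continue }
    foreach ($item in Get-ChildItem -Path $dir -File) {
        $cmd = $item.FullName
        if ($item.Extension -eq '.lnk') {
            $lnk = $shell.CreateShortcut($item.FullName)
            $cmd = "$($lnk.TargetPath) $($lnk.Arguments)"
        }
        if ($cmd -match $suspect) {
            $findings += [pscustomobject]@{ Source = "Startup:$dir"; Name = $item.Name; Command = $cmd }
        }
    }
}

if ($findings.Count -eq 0) {
    Write-Output 'No Python/batch launchers found in Run keys, scheduled tasks, or Startup folders.'
} else {
    $findings | Format-Table -AutoSize
}
```

Run it from an elevated PowerShell session so the HKLM keys and all scheduled tasks are readable; for the HKCU and per-user Startup checks it only covers the account running the script, so repeat it under each interactive user or walk the `HKEY_USERS` hives on a shared host. A hit is a lead, not a verdict: the next step is to pull the referenced batch or Python file and look for the obfuscation and security-control tampering the report describes.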
