Stealthy Python RAT Uses Hidden C2 Tunnel to Harvest Browser and Cloud Credentials

TL;DR Summary
Security researchers uncovered DEEP#DOOR, a Python-based backdoor that embeds its payload in a dropper and gains persistence via Startup scripts, Run keys, Scheduled Tasks, and optional WMI subscriptions. It uses a Rust-based tunneling service (bore.pub) for C2 and offers full RAT capabilities—reverse shell, reconnaissance, keylogging, screen/audio capture, webcam access, and credential theft from browsers, cloud services, and Windows Credential Manager—while employing anti-analysis and defense-evasion techniques. Distribution appears phishing-based and targeted, with a modular, fileless design; it could be repurposed by different actors.
- New Python Backdoor Uses Tunneling Service to Steal Browser and Cloud Credentials (The Hacker News)
- Deep#Door Stealer Harvests Browser Passwords, Cloud Tokens, SSH Keys, and Wi-Fi Credentials (CyberSecurityNews)
- Clandestine Deep#Door stealer facilitates long-term data compromise (SC Media)
- Securonix Highlights New Research on Stealthy Enterprise Malware Campaign (TipRanks)
- New Deep#Door Stealer Campaign Spills Browser Passwords, Cloud Tokens, and SSH Keys (cyberpress.org)
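As an added defender-side example (not code from the original article or any of the linked reports), the script below triages a constructed persistence inventory covering the Startup folder, Run keys, Scheduled Tasks and WMI subscriptions named in the summary, flagging entries that launch a Python interpreter, and scans constructed connection-log lines for the bore.pub tunnelling service; every entry name, path and log line is an assumption made up for the example.

```python
import re
from dataclasses import dataclass
# Constructed persistence inventory in the shape a Windows audit could yield
# (Run keys, Startup folder, Scheduled Tasks, WMI event-consumer bindings);
# all names, paths and log lines are made up for this example.
@dataclass
class PersistenceEntry:
    source: str   # "run_key" | "startup" | "schtask" | "wmi"
    name: str
    command: str

PY_HOST = re.compile(r"\bpython(w?)(?:3(?:\.\d+)?)?(?:\.exe)?\b", re.I)
WRITABLE = re.compile(r"\\(?:appdata|temp|downloads|public|programdata)\\", re.I)
TUNNEL = re.compile(r"image=(\S+).*?dst=([\w.-]*bore\.pub):(\d+)", re.I)

def triage_persistence(entries):
    """Map entry name -> reasons for persistence that launches a Python
    interpreter; extra reasons (user-writable script path, windowless
    pythonw, WMI subscription) raise the finding's priority."""
    findings = {}
    for e in entries:
        m = PY_HOST.search(e.command)
        if not m:
            continue
        reasons = ["python interpreter as persistence host"]
        if WRITABLE.search(e.command):
            reasons.append("script in user-writable path")
        if m.group(1).lower() == "w":
            reasons.append("windowless interpreter (pythonw)")
        if e.source == "wmi":
            reasons.append("WMI event subscription persistence")
        findings[e.name] = reasons
    return findings

def tunnel_connections(log_lines):
    """Return (image, host, port) for connection-log lines whose destination
    is the bore.pub tunnelling service named in the summary as the C2 relay."""
    return [(m[1], m[2], int(m[3])) for m in map(TUNNEL.search, log_lines) if m]

SAMPLE_ENTRIES = [
    PersistenceEntry("run_key", "OneDrive", r"C:\Users\a\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"),
    PersistenceEntry("startup", "updater.lnk", r'pythonw.exe "C:\Users\a\AppData\Roaming\svc\update.py"'),
    PersistenceEntry("schtask", "SystemCheck", r"C:\Python311\python.exe C:\ProgramData\sys\check.py"),
    PersistenceEntry("wmi", "KernelMonitor", r"python.exe C:\Users\Public\m.py"),
]
SAMPLE_LOG = [
    "ts=1 image=OneDrive.exe dst=onedrive.live.com:443",
    "ts=2 image=pythonw.exe dst=bore.pub:41523",
    "ts=3 image=python.exe dst=203.0.113.9:8080",
]
```

Legitimate software rarely persists through a Python interpreter or a WMI subscription, so each extra reason is a cheap way to rank findings before a manual look at the referenced script.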