
DEEP#DOOR backdoor steals browser and cloud credentials

3 articles · Updated · The Hacker News · Apr 30
  • Securonix said the Python malware uses an obfuscated Windows batch installer, persists via Startup scripts, registry keys and scheduled tasks, and routes its command-and-control traffic through the bore.pub tunnelling service, which keeps the operator's own infrastructure behind a public relay.
  • It can run commands, log keystrokes, capture screenshots, access the webcam and microphone, and steal credentials from Chrome, Firefox, Windows Credential Manager, AWS, Google Cloud and Azure.
  • Researchers said observed use so far appears limited and targeted, with no clear geographic or sector pattern, but its anti-analysis features and embedded payload make detection, forensics and remediation harder.
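The chain in the bullets above (batch-launched Python, Startup/registry/scheduled-task persistence, bore.pub tunnelling, reads of browser and cloud credential stores) is a behavioural pattern rather than a file signature, so a hunt should correlate those behaviours per host. The following is an added example, not code from Securonix or The Hacker News: it runs a few such rules over constructed, Sysmon-like JSON events (the event shape, the Run-key, Startup-folder and credential-store paths, and the sample events are all assumptions; only bore.pub comes from the report) and grades each host by how many of the key tactics co-occur.

```python
"""Behavioural triage for the DEEP#DOOR chain summarised in the bullets above.

Added example; not code from Securonix or The Hacker News.  The event
format is a constructed, Sysmon-like JSON shape (an assumption), and the
sample events are constructed for this illustration.  Only bore.pub comes
from the report; the persistence and credential-store paths are standard
Windows, browser and cloud-CLI locations that a hunt should cover.
"""
import json
from collections import defaultdict
from typing import Dict, List, Optional

TUNNEL_DOMAINS = ("bore.pub",)                                  # from the report
RUN_KEYS = (r"\microsoft\windows\currentversion\run",)          # matches ...\Run and ...\RunOnce
STARTUP_FOLDER = r"\microsoft\windows\start menu\programs\startup"
CREDENTIAL_STORES = {                                           # path substring -> store name
    r"\google\chrome\user data\default\login data": "chrome",
    r"\mozilla\firefox\profiles": "firefox",                    # logins.json / key4.db
    r"\.aws\credentials": "aws",                                # long-lived access keys
    r"\gcloud\credentials.db": "gcloud",                        # cached refresh tokens
    r"\.azure\msal_token_cache": "azure",                       # cached access/refresh tokens
}
PYTHON_IMAGES = ("python.exe", "pythonw.exe")
KEY_TACTICS = {"persistence", "c2", "credential_access"}


def classify(event: dict) -> Optional[str]:
    """Map one event to a 'tactic:technique' label, or None if unremarkable."""
    kind = event.get("type")
    if kind == "process_create":
        image = event.get("image", "").lower()
        parent = event.get("parent_image", "").lower()
        cmd = event.get("command_line", "").lower()
        parent_cmd = event.get("parent_command_line", "").lower()
        if image.endswith("schtasks.exe") and "/create" in cmd:
            return "persistence:scheduled_task"
        # An obfuscated .bat installer spawning the interpreter.
        if image.endswith(PYTHON_IMAGES) and parent.endswith("cmd.exe") and ".bat" in parent_cmd:
            return "execution:batch_launched_python"
    elif kind == "registry_set":
        if any(k in event.get("target", "").lower() for k in RUN_KEYS):
            return "persistence:run_key"
    elif kind == "file_create":
        if STARTUP_FOLDER in event.get("path", "").lower():
            return "persistence:startup_folder"
    elif kind == "file_read":
        path = event.get("path", "").lower()
        for marker, store in CREDENTIAL_STORES.items():
            if marker in path:
                return f"credential_access:{store}"
    elif kind in ("dns_query", "network_connect"):
        host = event.get("destination", "").lower()
        if any(host == d or host.endswith("." + d) for d in TUNNEL_DOMAINS):
            return "c2:tunnel_service"
    return None


def triage(events: List[dict]) -> Dict[str, dict]:
    """Aggregate labels per host and grade by how many key tactics co-occur.

    One tactic on its own (a developer running Python from a batch file, a
    backup job reading a profile folder) is noise; persistence, tunnelled C2
    and credential-store reads together match the reported chain and warrant
    isolating the host and rotating every credential those stores held.
    """
    by_host: Dict[str, set] = defaultdict(set)
    for ev in events:
        label = classify(ev)
        if label:
            by_host[ev["host"]].add(label)
    verdicts = {}
    for host, labels in by_host.items():
        hits = len(KEY_TACTICS & {label.split(":")[0] for label in labels})
        verdict = "high" if hits == 3 else "medium" if hits == 2 else "low"
        verdicts[host] = {"verdict": verdict, "labels": sorted(labels)}
    return verdicts


# Constructed sample telemetry: WS01 shows the reported chain end to end,
# WS02 is a developer running a build script and should stay low.
SAMPLE_EVENTS = [
    {"host": "WS01", "type": "process_create", "image": r"C:\Python312\python.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "parent_command_line": r'cmd /c "C:\Users\alice\AppData\Local\Temp\setup.bat"'},
    {"host": "WS01", "type": "registry_set",
     "target": r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater"},
    {"host": "WS01", "type": "process_create", "image": r"C:\Windows\System32\schtasks.exe",
     "parent_image": r"C:\Python312\python.exe",
     "command_line": r'schtasks /create /sc minute /mo 5 /tn Updater /tr "C:\ProgramData\Updater\run.bat"'},
    {"host": "WS01", "type": "file_read", "path": r"C:\Users\alice\.aws\credentials"},
    {"host": "WS01", "type": "dns_query", "destination": "bore.pub"},
    {"host": "WS02", "type": "process_create", "image": r"C:\Python312\pythonw.exe",
     "parent_image": r"C:\Windows\System32\cmd.exe",
     "parent_command_line": r'cmd /c "C:\dev\build.bat"'},
]

if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE_EVENTS), indent=2))
```

The grading deliberately ignores the execution label on its own: Python launched from a batch file is common on developer machines, and it is the co-occurrence with persistence, a tunnel relay and credential-store reads that distinguishes the reported chain from normal activity.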

DEEP#DOOR and DeepLoad: How AI-Powered Fileless Malware Bypasses Defenses and Threatens Cloud Identities

Overview

The report covers two malware families, DEEP#DOOR and DeepLoad, which appeared in 2026 with notably stealthy execution and persistence. DEEP#DOOR runs its Python payload in memory rather than dropping it to disk, sets up persistence in several places at once, and evades defences by patching security interfaces and disguising its command-and-control traffic. DeepLoad obfuscates itself with AI-generated junk code, injects into trusted system processes and persists through WMI. Both steal credentials, including session tokens; a stolen token remains usable until it expires or is revoked, so the exposure outlives the initial infection and is not closed by removing the malware alone. DeepLoad's machine-generated obfuscation also shows how automation shortens the time needed to produce new, signature-evading variants. Together the two families mark a shift toward fileless, AI-assisted tooling that file- and signature-based controls miss and that calls for behaviour-based detection.
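The point about session tokens is easy to underestimate during remediation: the AWS CLI keeps access keys in a plaintext INI file, and gcloud and the Azure CLI cache refresh tokens on disk, so an in-memory stealer that reads those files walks away with identities that stay valid until they are rotated or revoked. As an added example (not from the report), the following script inventories those stores under a user profile, classifies AWS keys as long-term (AKIA) or temporary STS (ASIA) credentials, and attaches the first response step for each. Paths are the CLIs' default Windows locations (an assumption: nothing customised via environment variables); the AWS file is parsed, the other two are reported by presence only, and the fixture built by demo_home() is constructed sample data.

```python
"""Inventory of cloud-CLI credential material left on a workstation.

Added example, not code from the report.  The paths are the CLIs' default
locations on Windows (an assumption); the AWS credentials file is parsed,
the gcloud and Azure caches are reported by presence only.  demo_home()
builds a constructed fixture so the script runs offline.
"""
import configparser
import tempfile
import time
from pathlib import Path
from typing import Dict, List

# (relative path under the profile, provider, what it holds, first response step)
STORES = [
    (".aws/credentials", "aws", "long-lived or temporary access keys",
     "rotate or delete the keys in IAM, then review CloudTrail for use after the compromise"),
    ("AppData/Roaming/gcloud/credentials.db", "gcloud", "cached refresh tokens",
     "run gcloud auth revoke and check Cloud Audit Logs"),
    (".azure/msal_token_cache.bin", "azure", "cached access and refresh tokens",
     "run az logout and revoke the user's sessions in Entra ID"),
]


def aws_profiles(path: Path) -> List[Dict]:
    """List profiles in an AWS credentials file and classify each key.

    Key IDs beginning with AKIA are long-term IAM user keys (valid until
    rotated); those beginning with ASIA are temporary STS credentials that
    carry a session token and expire on their own.
    """
    cp = configparser.ConfigParser(interpolation=None)
    cp.read(path)
    profiles = []
    for name in cp.sections():
        key_id = cp[name].get("aws_access_key_id", "")
        profiles.append({
            "profile": name,
            "key_prefix": key_id[:4],
            "long_lived": key_id.startswith("AKIA"),
            "temporary": key_id.startswith("ASIA") and "aws_session_token" in cp[name],
        })
    return profiles


def inventory(home, now: float = None) -> List[Dict]:
    """Report every known credential store present under `home`."""
    now = time.time() if now is None else now
    found = []
    for rel, provider, holds, response in STORES:
        path = Path(home) / rel
        if not path.is_file():
            continue
        entry = {
            "provider": provider, "path": str(path), "holds": holds,
            "age_days": int((now - path.stat().st_mtime) // 86400),
            "response": response,
        }
        if provider == "aws":
            entry["profiles"] = aws_profiles(path)
            entry["long_lived_keys"] = sum(p["long_lived"] for p in entry["profiles"])
        found.append(entry)
    return found


def demo_home() -> Path:
    """Build a constructed profile directory with sample credential files."""
    home = Path(tempfile.mkdtemp(prefix="cred-inventory-"))
    (home / ".aws").mkdir()
    (home / ".aws" / "credentials").write_text(
        "[default]\n"
        "aws_access_key_id = AKIAIOSFODNN7EXAMPLE\n"   # AWS's documented example key ID
        "aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY\n"
        "[ci]\n"
        "aws_access_key_id = ASIAEXAMPLE0000000001\n"
        "aws_secret_access_key = example-secret\n"
        "aws_session_token = example-token\n"
    )
    (home / ".azure").mkdir()
    (home / ".azure" / "msal_token_cache.bin").write_bytes(b"\x00" * 32)  # placeholder bytes
    return home


if __name__ == "__main__":
    for entry in inventory(demo_home()):
        print(f"{entry['provider']:7} {entry['holds']:40} age {entry['age_days']}d -> {entry['response']}")
```

Run against a real profile directory, the long-lived AWS keys are the entries to treat as fully compromised; temporary STS credentials and cached refresh tokens still need revoking, but they at least stop working on their own once they expire.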

...