Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi”‘stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module auto”‘loads at interpreter startup and can silently run code without command”‘line input. This script used ctypes to […] The post VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.
First seen on gbhackers.com
Jump to article: gbhackers.com/vipertunnel-python-backdoor/
