Deep#Door Python Backdoor Evades Detection on Windows Systems
A new Python-based backdoor, named Deep#Door, has been identified as a significant threat to Windows systems. According to research by Securonix, this malware is capable of long-term surveillance and credential theft. It uses an obfuscated batch script to deploy a persistent implant, effectively bypassing traditional detection methods. Unlike many malware loaders that retrieve payloads from external servers, Deep#Door embeds its malicious Python code directly within the dropper script. This self-contained approach reduces network indicators and allows the malware to reconstruct its payload both in memory and on disk during execution. The malware employs multiple persistence methods, including Windows Management Instrumentation (WMI) subscriptions, and disables security controls such as Windows Defender. It communicates with attacker infrastructure via a public TCP tunneling service, blending malicious traffic with legitimate connections.
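One defender-side check for the WMI subscription persistence described above, as an added example that is not part of the Securonix research: it correlates Sysmon WmiEvent records (Event ID 19 filter, 20 consumer, 21 binding) so that only a filter actually bound to a CommandLineEventConsumer that launches a script interpreter is reported. The field names assume Sysmon's WmiEvent schema; the records are constructed samples, not real telemetry.

```python
import re
from typing import Dict, Iterable, List

# Interpreters a CommandLineEventConsumer rarely has a legitimate reason to start.
INTERPRETER_RE = re.compile(r"\b(python\w*|cmd|powershell|pwsh|wscript|cscript|mshta)(\.exe)?\b", re.I)
# Sysmon records bound objects as WMI paths, e.g. CommandLineEventConsumer.Name="X".
NAME_RE = re.compile(r'Name="([^"]+)"')


def _name(wmi_path: str) -> str:
    m = NAME_RE.search(wmi_path)
    return m.group(1) if m else wmi_path


def find_suspicious_wmi_subscriptions(events: Iterable[Dict]) -> List[Dict[str, str]]:
    """Correlate Sysmon EID 19 (filter), 20 (consumer) and 21 (binding) records and
    return one finding per binding whose CommandLineEventConsumer runs an interpreter."""
    events = list(events)
    filters = {e["Name"]: e for e in events if e.get("EventID") == 19}
    consumers = {e["Name"]: e for e in events if e.get("EventID") == 20}
    findings = []
    for b in (e for e in events if e.get("EventID") == 21):
        if not b["Consumer"].startswith("CommandLineEventConsumer"):
            continue  # NTEventLog/ActiveScript consumers are out of scope here
        consumer = consumers.get(_name(b["Consumer"]), {})
        cmd = consumer.get("Destination", "")
        if INTERPRETER_RE.search(cmd):
            filt = filters.get(_name(b["Filter"]), {})
            findings.append({"filter": _name(b["Filter"]),
                             "query": filt.get("Query", "<filter not seen>"),
                             "consumer": _name(b["Consumer"]), "command": cmd})
    return findings


# Constructed sample records (not real telemetry) using Sysmon WmiEvent field names.
SAMPLE_EVENTS = [
    # Windows' own default subscription: bound, but not a command-line consumer.
    {"EventID": 19, "Name": "SCM Event Log Filter", "Query": "select * from MSFT_SCMEventLogEvent"},
    {"EventID": 20, "Name": "SCM Event Log Consumer", "Destination": ""},
    {"EventID": 21, "Consumer": 'NTEventLogEventConsumer.Name="SCM Event Log Consumer"',
     "Filter": '__EventFilter.Name="SCM Event Log Filter"'},
    # Timer-style filter bound to a consumer that launches a Python interpreter.
    {"EventID": 19, "Name": "UpdaterFilter", "Query": "SELECT * FROM __InstanceModificationEvent "
     "WITHIN 60 WHERE TargetInstance ISA 'Win32_PerfFormattedData_PerfOS_System'"},
    {"EventID": 20, "Name": "UpdaterConsumer",
     "Destination": r"C:\Users\Public\python.exe C:\Users\Public\update.py"},
    {"EventID": 21, "Consumer": 'CommandLineEventConsumer.Name="UpdaterConsumer"',
     "Filter": '__EventFilter.Name="UpdaterFilter"'},
]
```

Running `find_suspicious_wmi_subscriptions(SAMPLE_EVENTS)` leaves the default SCM subscription alone and returns the single interpreter-backed binding; in practice the same function can be fed parsed events from the `Microsoft-Windows-Sysmon/Operational` log.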