Hackers are abusing a stealthy Python backdoor called VIPERTUNNEL, hiding it behind a fake DLL file and a multi‑stage obfuscated loader to quietly tunnel traffic out of victim networks. A review of persistence mechanisms revealed a sitecustomize.py file in C:\ProgramData\cp49s\Lib\. This special Python module auto‑loads at interpreter startup and can silently run code without command‑line input. This script used ctypes to […]

The post VIPERTUNNEL Python Backdoor Hidden in Fake DLL, Obfuscated Loader Chain appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Mayura Kathir

Source: gbHackers
Source Link: https://gbhackers.com/vipertunnel-python-backdoor/