Deep#Door Python Backdoor Targets Windows Systems for Credential Theft

Deep#Door Python Backdoor Targets Windows Systems for Credential Theft

First seen 1 May 2026, 07:33 UTC Infosecurity-MagazineGbhackersCybersecuritynewsSecurityaffairs.Cowww.securonix.com 82% similarity 66.5

Article Content

Browse articles
ThreatCluster

Deep#Door is a newly discovered Python-based backdoor targeting Windows systems, identified by Securonix. It employs an obfuscated batch script to deploy a persistent implant capable of long-term surveillance and credential theft. The malware disables Windows security features and uses a public TCP tunneling service to obscure its communications. Key targets include browser passwords, cloud tokens, SSH keys, and Wi-Fi credentials. Deep#Door's stealthy nature allows it to blend malicious activity with legitimate system behavior, complicating detection efforts. It features multiple persistence mechanisms and anti-analysis techniques, making it difficult to remove once installed. The malware can also cause system crashes and overwrite boot records, indicating potential for disruptive attacks. Currently, it poses a significant threat to Windows users, particularly in enterprise environments.

Key Points: • Deep#Door uses an obfuscated batch script to deploy a persistent backdoor on Windows systems. • The malware disables security controls and communicates via a public TCP tunneling service. • It targets sensitive data including browser passwords, cloud tokens, and SSH keys.

ThreatCluster AI

Timeline

2026-04-30
Securonix identifies Deep#Door malware targeting Windows systems.
2026-05-01
Gbhackers and Cybersecuritynews report on Deep#Door's capabilities.

Community

Browse all →