VIPERTUNNEL hides in a fake DLL and turns Python into a stealthy SOCKS5 backdoor
VPN Central [Unofficial]
April 13, 2026
A newly detailed malware campaign shows how attackers can turn a normal Python runtime into a quiet persistence and tunneling tool on Windows. InfoGuard Labs says the backdoor, called VIPERTUNNEL, hides behind a layered loader chain, abuses Python startup behavior, and ultimately gives attackers a SOCKS5 proxy channel into compromised networks. The most interesting part […]
The post VIPERTUNNEL hides in a fake DLL and turns Python into a stealthy SOCKS5 backdoor appeared first on VPN Central.