{
  "$type": "site.standard.document",
  "bskyPostRef": {
    "cid": "bafyreihp5k2eb5qzfdokopxzcce3v4vekkijqy77ps3zuoqhu57m3nmdxi",
    "uri": "at://did:plc:6wtxqaikjf62unmnajbfbq5v/app.bsky.feed.post/3mjg5vl72k7j2"
  },
  "coverImage": {
    "$type": "blob",
    "ref": {
      "$link": "bafkreidonadhv7gj7khl2mktvgsxxqt72kqskirr3qv33qn6bfqvlb4e6q"
    },
    "mimeType": "image/webp",
    "size": 47164
  },
  "path": "/vipertunnel-hides-in-a-fake-dll-and-turns-python-into-a-stealthy-socks5-backdoor/",
  "publishedAt": "2026-04-13T17:11:03.000Z",
  "site": "https://vpncentral.com",
  "tags": [
    "News",
    "VIPERTUNNEL hides in a fake DLL and turns Python into a stealthy SOCKS5 backdoor",
    "VPN Central"
  ],
  "textContent": "A newly detailed malware campaign shows how attackers can turn a normal Python runtime into a quiet persistence and tunneling tool on Windows. InfoGuard Labs says the backdoor, called VIPERTUNNEL, hides behind a layered loader chain, abuses Python startup behavior, and ultimately gives attackers a SOCKS5 proxy channel into compromised networks. The most interesting part […]\n\nThe post VIPERTUNNEL hides in a fake DLL and turns Python into a stealthy SOCKS5 backdoor appeared first on VPN Central.",
  "title": "VIPERTUNNEL hides in a fake DLL and turns Python into a stealthy SOCKS5 backdoor"
}