
Obfuscated Loader Chain Delivers VIPERTUNNEL Backdoor via Fake DLL
An obfuscated multi-stage loader chain is being used to deploy the VIPERTUNNEL Python backdoor via a fake DLL and stealthy Python persistence, enabling SOCKS5 tunneling over port 443 and tightly linked to UNC2165/EvilCorp and former RansomHub affiliates.

Obfuscated Python persistence and Fake DLL loader
During a DragonForce ransomware intrusion, investigators identified a suspicious scheduled task […]

The post Obfuscated Loader Chain Delivers VIPERTUNNEL Backdoor via Fake DLL appeared first on Cyber Security News.