Analyzing SERPENTINE#CLOUD: Threat Actors Abuse Cloudflare Tunnels to Infect Systems with Stealthy Python-Based Malware www.securonix.com/blog/anal…

Securonix threat researchers have been tracking a stealthy campaign that uses shortcut (.lnk) files to deliver remote payloads hosted on attacker-controlled Cloudflare Tunnel subdomains. The infection chain ends in a Python-based shellcode loader that executes Donut-packed payloads entirely in memory.
