Windows Variant of SprySOCKS Backdoor Discovered, Abuses Kernel Drivers for Stealth
By Rob Wright
Summary
ESET researchers have discovered a previously undocumented Windows variant of SprySOCKS, a Linux backdoor used by the China-nexus threat group FishMonger (aka Earth Lusca/Aquatic Panda). This new variant abuses kernel drivers to evade detection and has been deployed against government targets in multiple countries. FishMonger was previously tied to i-Soon, a Chinese technology company conducting cyber operations on behalf of the PRC.
Key quotes
FishMonger, a notorious nation-state threat group tied to a Chinese technology company, has expanded its tooling with a Windows backdoor that uses kernel drivers to remain undetected.
ESET discovered a previously undocumented version of SprySOCKS, a Linux backdoor that initially was observed in 2023 in threat activity from FishMonger (aka Earth Lusca and Aquatic Panda).
Last year, the cyber-espionage group was tied to i-Soon, a Chinese technology company that conducted cyber operations on behalf of the People's Republic of China (PRC).