Malware | Jun 16, 2026

SprySOCKS Windows Variant Abuses Kernel Drivers to Evade Detection

SprySOCKS malware variant uses kernel drivers to evade detection on Windows.

Summary

A new variant of the SprySOCKS malware has been identified that targets Windows systems and abuses kernel drivers to bypass security measures and evade detection. This sophisticated technique allows the malware to operate with elevated privileges and remain hidden from standard security tools. The threat actor behind this campaign is believed to be FishMonger, a group with suspected ties to China that has previously deployed a Linux version of the backdoor against government entities in multiple countries.

Entities

FishMonger (threat_actor)