> TritonInfoSec News
Home / Jun 17, 2026 / Story
0
#2 The Hacker News general June 16, 2026 at 09:44 UTC

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

By [email protected] (The Hacker News)

AI Summary

ESET researchers disclosed two previously undocumented Windows variants of SprySOCKS — previously believed to be Linux-only — dubbed WIN_DRV and WIN_PLUS, attributed to China-nexus threat group FishMonger. Both variants use kernel driver-based stealth for C2 communication over TCP and UDP, and have been deployed against government organizations in Honduras, Taiwan, Thailand, and Pakistan.

Read full article → https://thehackernews.com/2026/06/china-linked-spr…

Relevance score: 86.0/100

# More from June 17

  1. 1
    Attackers Exploit Three Fortinet FortiSandbox Flaws, One Patched Last Week The Hacker News
  2. 3
    Cisco Releases Security Updates for Actively Exploited SD-WAN Manager Flaw The Hacker News
  3. 4
    Chinese Hackers Abused Google Workspace Rules to Steal Research and Defense Emails The Hacker News
  4. 5
    One-Click Microsoft 365 Copilot Flaw Could Have Let Attackers Steal Emails, Files, and MFA Codes The Hacker News
  5. 6
    Atomic Arch Supply Chain Attack Hits 1,500 AUR Packages SecurityWeek
  6. 7
    CISA Flags LiteSpeed cPanel Plugin Flaw Exploited for Root Privilege Escalation The Hacker News
  7. 8
    Ransomware gang abuses Microsoft Teams relays to hide malicious traffic BleepingComputer
  8. 9
    Fake Microsoft Alerts Used to Deploy North Korean NarwhalRAT Malware The Hacker News
  9. 10
    OptinMonster WordPress plugin hacked in CDN supply-chain attack BleepingComputer