Linux backdoor is a Windows malware knockoff: https://arstechnica.com/security/2023/09/never-before-seen-linux-backdoor-is-a-windows-malware-knockoff/
The China-linked #threat actor known as Earth Lusca has been observed targeting #government entities using a never-before-seen #Linux #backdoor called #SprySOCKS.
https://thehackernews.com/2023/09/earth-luscas-new-sprysocks-linux.html
🚨 'new' SprySOCKS Linux malware 😬
https://www.trendmicro.com/en_us/research/23/i/earth-lusca-employs-new-linux-backdoor.html
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
So #SprySOCKS #malware. It's a relatively standard access-server backdoor; the only interesting bits are the names and signatures of the files that let you spot the infection. The interesting bits, of course, aren't SprySOCKS itself but the vulnerabilities that were used to deliver it in the first place (so you can block them) and the payloads it delivered (so you know what damage you need to fix and what additional compromises you need to look for).