The SprySOCKS backdoor, associated with a China-aligned espionage group known as FishMonger, has been upgraded to operate on Windows in addition to its existing Linux version. Recent ESET analysis identified two new Windows variants, WIN_DRV and WIN_PLUS, equipped with kernel-level stealth features that conceal their operations from detection tools. Active since 2023, the backdoor targets government organizations in various countries, including Honduras and Taiwan.
Key capabilities include system reconnaissance, process manipulation, file management, and keystroke logging. FishMonger is linked to a broader toolkit of malware, and concerns exist regarding potential UEFI bootkit attacks.