RECENT research from Symantec revealed that the Daxin malware, linked to China, remains operational thirteen years after its initial discovery, having been found in a Taiwan-based manufacturer's network. This kernel-mode rootkit employs advanced techniques to communicate covertly by hijacking existing internet connections, making it difficult to detect via traditional network monitoring.
Additionally, a new backdoor called Stupig was also uncovered on the same system, disguising itself as a legitimate Windows DLL file to gain SYSTEM-level access before user authentication. The combined capabilities of these malware variants pose a significant security threat, highlighting the need for increased monitoring of unusual DLL activities in the Windows login process.