VMTech
VMTECH · INSTAGRAM

SprySOCKS on Windows: ESET Detects WIN_DRV and WIN_PLUS with Driver Stealth


Colleagues: note that Windows variants of the SprySOCKS backdoor have been discovered. ESET tracked WIN_DRV and WIN_PLUS: C2 channels over TCP/UDP/WebSocket and more than 30 commands for data exfiltration, process and file control. WIN_DRV employs kernel drivers (RawWNPF, DriverLoader) to conceal connections, processes and registry entries and to reroute TCP via randomized ports. WIN_PLUS persists via the Print Spooler (as a print processor) and injects into svchost. Both variants were observed in 2023–2024 attacks against government entities. Why it matters: a Windows port combined with driver-level stealth complicates detection; keep systems patched, monitor kernel driver loads and enforce integrity controls. How will you bolster defenses against such chains? #cybersecurity #APT #ESET #stealth
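The post names four host behaviours a defender can hunt for: kernel drivers loaded for stealth, a print processor DLL loaded by the Print Spooler, thread injection into svchost, and backdoor traffic on randomized ports. The script below is an added example written for this page, not code from the post or from ESET; it runs four rules of that kind over Sysmon-style events (event IDs 3, 6, 7 and 8, using Sysmon's field names). The sample batch, the signer list, the svchost allowlist and the driver path are constructed assumptions to be tuned to your own estate, and the external address uses a documentation range.

```python
"""Triage Sysmon-style events for the SprySOCKS Windows behaviours described above.
Added example with constructed sample data; field names follow Sysmon EIDs 3/6/7/8."""
import ipaddress

# Signers accepted as "Microsoft" for driver and DLL loads (assumption: tune per estate).
MICROSOFT_SIGNERS = {"Microsoft Windows", "Microsoft Corporation"}

# Ranges treated as internal; anything else counts as external for the spooler rule.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]

# Processes allowed to create threads in svchost.exe (assumption: baseline on your build).
SVCHOST_THREAD_ALLOWLIST = {"svchost.exe", "csrss.exe", "services.exe"}


def _basename(path: str) -> str:
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def _microsoft_signed(ev: dict) -> bool:
    return str(ev.get("Signed", "")).lower() == "true" and ev.get("Signature") in MICROSOFT_SIGNERS


def rule_driver_load(ev):
    """EID 6: a kernel driver not signed by Microsoft (WIN_DRV hides behind its own drivers)."""
    if ev["EventID"] != 6 or _microsoft_signed(ev):
        return None
    return f"kernel driver not signed by Microsoft: {ev['ImageLoaded']}"


def rule_print_processor(ev):
    """EID 7: spoolsv.exe loading a non-Microsoft DLL from the print-processor directory,
    the persistence path the post attributes to WIN_PLUS."""
    if ev["EventID"] != 7 or _basename(ev["Image"]) != "spoolsv.exe":
        return None
    if "\\spool\\prtprocs\\" not in ev["ImageLoaded"].lower() or _microsoft_signed(ev):
        return None
    return f"non-Microsoft print processor loaded by spooler: {ev['ImageLoaded']}"


def rule_svchost_injection(ev):
    """EID 8: a remote thread created in svchost.exe by a process outside the allowlist."""
    if ev["EventID"] != 8 or _basename(ev["TargetImage"]) != "svchost.exe":
        return None
    if _basename(ev["SourceImage"]) in SVCHOST_THREAD_ALLOWLIST:
        return None
    return f"{ev['SourceImage']} created a thread in {ev['TargetImage']} (pid {ev['TargetProcessId']})"


def rule_spooler_outbound(ev):
    """EID 3: the spooler initiating a connection to a non-internal address. The port is
    deliberately not checked, since the post says the traffic uses randomized ports."""
    if ev["EventID"] != 3 or _basename(ev["Image"]) != "spoolsv.exe":
        return None
    if str(ev.get("Initiated", "true")).lower() != "true":
        return None
    dst = ipaddress.ip_address(ev["DestinationIp"])
    if any(dst in net for net in INTERNAL_NETS):
        return None
    return f"spooler initiated {ev['Protocol']} to {dst}:{ev['DestinationPort']}"


RULES = {"driver_load": rule_driver_load, "print_processor": rule_print_processor,
         "svchost_injection": rule_svchost_injection, "spooler_outbound": rule_spooler_outbound}


def triage(events):
    """Run every rule over every event and return the alerts in event order."""
    alerts = []
    for ev in events:
        for name, rule in RULES.items():
            detail = rule(ev)
            if detail:
                alerts.append({"rule": name, "utc": ev.get("UtcTime", ""), "detail": detail})
    return alerts


# Constructed sample batch: two benign events, then one event per behaviour in the post.
SAMPLE_EVENTS = [
    {"EventID": 7, "UtcTime": "2024-03-01 08:00:01", "Image": r"C:\Windows\System32\spoolsv.exe",
     "ImageLoaded": r"C:\Windows\System32\spool\prtprocs\x64\winprint.dll",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"EventID": 6, "UtcTime": "2024-03-01 08:00:02",
     "ImageLoaded": r"C:\Windows\System32\drivers\tcpip.sys",
     "Signed": "true", "Signature": "Microsoft Windows"},
    {"EventID": 6, "UtcTime": "2024-03-01 08:05:10",          # constructed placeholder path
     "ImageLoaded": r"C:\Windows\Temp\example_filter.sys", "Signed": "false", "Signature": ""},
    {"EventID": 7, "UtcTime": "2024-03-01 08:05:11", "Image": r"C:\Windows\System32\spoolsv.exe",
     "ImageLoaded": r"C:\Windows\System32\spool\prtprocs\x64\example_pp.dll",
     "Signed": "false", "Signature": ""},
    {"EventID": 8, "UtcTime": "2024-03-01 08:05:12", "SourceImage": r"C:\Windows\System32\spoolsv.exe",
     "TargetImage": r"C:\Windows\System32\svchost.exe", "TargetProcessId": 1234},
    {"EventID": 3, "UtcTime": "2024-03-01 08:05:13", "Image": r"C:\Windows\System32\spoolsv.exe",
     "Initiated": "true", "DestinationIp": "203.0.113.10", "DestinationPort": 49731, "Protocol": "tcp"},
]

if __name__ == "__main__":
    for alert in triage(SAMPLE_EVENTS):
        print(f"{alert['utc']}  {alert['rule']:<18} {alert['detail']}")
```

The rules are deliberately independent of file names or hashes, because the driver-level stealth the post describes means the driver and DLL names seen on one host are not a reliable indicator on the next; what stays constant is the behaviour (a non-Microsoft driver, a spooler loading a foreign print processor, a thread appearing in svchost, the spooler talking to the outside).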
