CyberSecurityBoard

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth

June 25, 2026

China-Linked SprySOCKS Backdoor Expands to Windows with Driver-Based Stealth Ravie LakshmananJun 16, 2026Malware / Cyber Espionage Cybersecurity researchers have flagged two previously undocumented Windows variants of what was believed to be a Linux-only backdoor called SprySOCKS. "The Windows variants discovered are internally marked as WIN_DRV and WIN_PLUS," ESET said in a report shared with The Hacker News. "Both come with a hard-coded C&C [command-and-control] configuration and support communication over TCP, UDP, and WebSocket protocols." Like its Linux counterpart, the Windows versions support more than 30 commands to facilitate system information collection, process enumeration, service management, and file system operations. WIN_DRV has also been found to utilize kernel drivers to conceal the malware's network connections, processes, files, and registry keys. In…

CVEs: CVE-2023-24932, CVE-2026-11645