China-Linked SprySOCKS Backdoor Expands to Windows Systems
Cybersecurity researchers at ESET identified two previously undocumented Windows variants of the SprySOCKS backdoor, which had been believed to target only Linux systems. The new variants are internally labeled WIN_DRV and WIN_PLUS; both contain hard-coded command-and-control (C&C) configurations and support communication over TCP and UDP. The backdoor is attributed to a China-linked threat actor, though no specific group or campaign was named. No release dates, affected versions, or CVE identifiers were disclosed in the report. The discovery extends the threat’s operational scope to Windows environments, widening the potential attack surface.