Sprysocks

Malware Profile Updated 14 days ago
SprySOCKS is a Linux backdoor used by Earth Lusca, a China-linked advanced persistent threat (APT) group. Trend Micro first described it publicly in September 2023, and Security Affairs reported on it shortly afterwards. The backdoor is a Linux port of Trochilus, an open-source Windows backdoor, and borrows from other families associated with Chinese espionage operations: its command-and-control protocol resembles that of RedLeaves, and its interactive shell implementation appears to derive from Derusbi, both of which this profile lists under Associated Malware. The name combines "spry" with the SOCKS proxy the backdoor implements. Earth Lusca delivers it by exploiting known (n-day) vulnerabilities in internet-facing server software, dropping an ELF loader that decrypts and injects the backdoor payload; the injected backdoor then talks to its command-and-control server over TCP. Once running, SprySOCKS can collect system information, start an interactive shell, list network connections, act as a SOCKS proxy to relay traffic through the compromised host, and upload, download and manage files. It does not encrypt data for ransom: it is an espionage tool for persistent access and lateral movement, and its appearance marked Earth Lusca's first publicly documented Linux-targeting malware. Mitigation follows from how it arrives and what it does: patch internet-facing Linux servers promptly, restrict which hosts may initiate outbound connections, and monitor for unexpected listening sockets, outbound connections to unfamiliar addresses, and unfamiliar ELF files or injected processes.
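The mitigation advice above ends with monitoring for signs of intrusion. For a backdoor whose distinguishing feature is a SOCKS proxy, the cheapest host-side check is the socket table: listeners and outbound connections that do not belong to a known service. The following Python script is an added example written for this page, not code from Trend Micro, Security Affairs or any SprySOCKS analysis. It decodes the kernel's `/proc/net/tcp` format (hex-encoded, host-order IPv4 addresses and ports) and flags non-loopback listeners outside an allowlist plus established connections to addresses outside RFC 1918 and loopback space. The sample socket table, the `EXPECTED_LISTEN_PORTS` allowlist and the internal-network list are constructed assumptions for illustration; port 1080 in the sample is simply the conventional SOCKS port, not a known SprySOCKS indicator.

```python
"""Socket-table triage for a Linux host: decode /proc/net/tcp and flag
listeners and outbound connections worth a second look.
Added example; sample data and thresholds below are constructed assumptions."""
import ipaddress
import os
import socket
import struct

TCP_STATES = {"01": "ESTABLISHED", "0A": "LISTEN"}   # the states this check cares about

# Assumed baseline for the host being triaged: listeners that are expected.
EXPECTED_LISTEN_PORTS = {22}

# Assumed "internal" ranges; a connection to anything else is reported.
_INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

# Constructed /proc/net/tcp excerpt (not from a real incident). Rows:
#   0: sshd listening on 0.0.0.0:22            (allowlisted)
#   1: a service listening on 127.0.0.1:631    (loopback, ignored)
#   2: uid 1000 listening on 0.0.0.0:1080       (flagged: unexpected listener)
#   3: 10.0.0.5:41394 -> 203.0.113.9:443        (flagged: external peer)
#   4: 10.0.0.5:22 <- 10.0.0.6:50132            (internal peer, ignored)
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1000 1 0 100 0 0 10 0
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1 0 100 0 0 10 0
   2: 00000000:0438 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 2002 1 0 100 0 0 10 0
   3: 0500000A:A1B2 097100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 2003 1 0 20 4 30 10 -1
   4: 0500000A:0016 0600000A:C3D4 01 00000000:00000000 00:00000000 00000000     0        0 2004 1 0 20 4 30 10 -1
"""


def decode_addr(hex_addr):
    """'0100007F:0277' -> ('127.0.0.1', 631). The kernel prints the IPv4
    address as a 32-bit value in host byte order (little-endian on x86)."""
    host, port = hex_addr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(host, 16)))
    return ip, int(port, 16)


def parse_proc_net_tcp(text):
    """Parse the IPv4 socket table into dicts; the first line is the header."""
    entries = []
    for line in text.splitlines()[1:]:
        f = line.split()
        if len(f) < 10:
            continue
        lip, lport = decode_addr(f[1])
        rip, rport = decode_addr(f[2])
        entries.append({
            "local": (lip, lport), "remote": (rip, rport),
            "state": TCP_STATES.get(f[3], f[3]),
            "uid": int(f[7]), "inode": int(f[9]),
        })
    return entries


def is_internal(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in _INTERNAL_NETS)


def flag_suspicious(entries):
    """Return (reason, entry) pairs for sockets outside the assumed baseline."""
    findings = []
    for e in entries:
        lip, lport = e["local"]
        rip, _ = e["remote"]
        if e["state"] == "LISTEN":
            if not ipaddress.ip_address(lip).is_loopback and lport not in EXPECTED_LISTEN_PORTS:
                findings.append(("unexpected-listener", e))
        elif e["state"] == "ESTABLISHED" and not is_internal(rip):
            findings.append(("outbound-to-external", e))
    return findings


def owning_pids(inode):
    """Map a socket inode to the PIDs holding it open by scanning /proc/<pid>/fd
    (needs root to see other users' processes)."""
    target = f"socket:[{inode}]"
    pids = []
    for pid in filter(str.isdigit, os.listdir("/proc")):
        fd_dir = f"/proc/{pid}/fd"
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:
            continue
    return pids


if __name__ == "__main__":
    with open("/proc/net/tcp") as fh:
        live = fh.read()
    for reason, e in flag_suspicious(parse_proc_net_tcp(live)):
        print(reason, e["local"], "->", e["remote"], "uid", e["uid"],
              "pids", owning_pids(e["inode"]))
```

Run as root on a live host so the inode-to-PID mapping covers every process; each flagged line then names the binary to pull for analysis. IPv6 sockets live in `/proc/net/tcp6` with a 32-hex-digit address field, which this parser does not handle, and a backdoor that only makes outbound connections will show up under the second rule rather than as a listener.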
Possible Aliases / Cluster overlaps
It's hard to track cluster overlaps and naming conventions between vendors, so here are some possible overlapping names / profiles you also may want to look at.
Miscellaneous Associations
Other elements of context that could aid in the identification of relevance
Linux
Backdoor
Malware
Windows
Loader
Payload
Injector
Espionage
Spyware
Vulnerability
APT
Smishing
Chromium
Known Exploi...
Chrome
DDoS
Proxy
RAT
Remote Code ...
Facebook
Zero Day
Exploit
Associated Malware
Name (type, votes): profile description
RedLeaves (Unspecified, 4 votes): RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s
Derusbi (Unspecified, 2 votes): Derusbi is a sophisticated malware family known for its ability to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008, making it a significant concern in the realm of cybersecurity. The malware primarily functions as a tool
LuaDream (Unspecified, 1 vote): LuaDream is a type of malware, specifically designed to exploit and damage computer systems or devices. This malicious software infiltrates systems through suspicious downloads, emails, or websites, often unbeknownst to the user. Once inside, it can steal personal information, disrupt operations, or
Predator (Unspecified, 1 vote): Predator is a potent malware that, along with NSO Group's Pegasus, remains a leading provider of mercenary spyware. Despite public disclosures in September 2023, Predator's operators have continued their operations with minimal changes, exploiting recently patched zero-day vulnerabilities in Apple a
Predator Spyware (Unspecified, 1 vote): Predator Spyware is a type of malware, or malicious software, that has recently been identified as a significant threat to digital security. This harmful program infiltrates devices without the user's knowledge, often through suspicious downloads, emails, or websites. Once installed, it can steal pe
Royal Ransomware (Unspecified, 1 vote): Royal Ransomware is a type of malware that has been causing significant disruptions in various sectors, particularly in the United States. Originating from the now-defunct Conti ransomware operation, Royal Ransomware was notorious for its multi-threaded encryption and ability to kill processes withi
P2Pinfect (Unspecified, 1 vote): P2Pinfect is a sophisticated and evolving malware that has been causing significant security concerns. Initially, it was designed to target routers and Internet of Things (IoT) devices, exploiting their vulnerabilities to infiltrate networks and spread its malicious activities. However, recent devel
Associated Threat Actors
Name (type, votes): profile description
Earth Lusca (Unspecified, 6 votes): Earth Lusca is a China-linked threat actor that Trend Micro has documented since 2022. The group targets government, education, religious and other organizations through spear-phishing and through exploitation of n-day vulnerabilities in public-facing servers. In September 2023 it was reported, by Trend Micro and then by Security Affairs, to have added the SprySOCKS Linux backdoor to its arsenal. Earth Lusca can be an individual, a private company, or pa
Winnti (Unspecified, 1 vote): Winnti, a threat actor or group also known as Starchy Taurus and APT41, has been active since at least 2007 and was first identified by Kaspersky in 2013. This Chinese state-sponsored entity is renowned for its ability to target supply chains of legitimate software to disseminate malware. The group is link
Associated Vulnerabilities
CVE (type, votes): profile description
CVE-2023-36845 (Unspecified, 1 vote): CVE-2023-36845 is a significant software vulnerability, specifically a PHP external variable modification bug, identified by WatchTowr Labs' security researchers. The flaw was part of a series of vulnerabilities linked to the SRX firewall system, including a missing authentication for critical funct
CVE-2023-5009 (Unspecified, 1 vote): no profile description available
Source Document References
Information about the SprySOCKS malware was read from the documents corpus below. This display is limited to 20 results.
Source | Created at | Title
Securityaffairs | 7 days ago | Security Affairs Malware Newsletter - Round 1
Securityaffairs | 14 days ago | Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 21 days ago | Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | a month ago | Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 2 months ago | Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs | 3 months ago | Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs | 3 months ago | Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 464 by Pierluigi Paganini
Trend Micro | 4 months ago | Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Securityaffairs | 4 months ago | Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs | 4 months ago | Security Affairs newsletter Round 461 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 460 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 459 by Pierluigi Paganini
Securityaffairs | 5 months ago | Security Affairs newsletter Round 457 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 456 by Pierluigi Paganini
Securityaffairs | 6 months ago | Security Affairs newsletter Round 454 by Pierluigi Paganini