Sprysocks

Malware updated 5 months ago (2024-06-30T14:44:15.634Z)

Download STIX

Preview STIX

SprySOCKS is a new strain of malware that has recently been added to the arsenal of Earth Lusca, an advanced persistent threat (APT) group known for its sophisticated cyberattacks. Malware, short for malicious software, is designed to exploit and damage computers or devices without the user's knowledge. SprySOCKS specifically targets Linux systems, infiltrating them through suspicious downloads, emails, or websites, and once inside, it can steal personal information, disrupt operations, or even hold data hostage for ransom. The discovery of SprySOCKS was first reported in October 2020 on the Security Affairs website. The report detailed how Earth Lusca used this backdoor malware to gain unauthorized access to Linux systems. This marked a significant expansion of Earth Lusca's capabilities, as the group had previously been associated with other forms of cyber threats but not specifically with Linux-targeting malware. Since its discovery, SprySOCKS has posed a considerable threat to Linux systems worldwide. It is a clear demonstration of Earth Lusca's evolving tactics and increasing sophistication in cyber warfare. Cybersecurity experts recommend users to maintain up-to-date security measures, avoid suspicious downloads, and regularly monitor their systems for any signs of intrusion to mitigate the risk of falling victim to such attacks.

Description last updated: 2024-06-30T13:23:30.849Z

What's your take? (Question 1 of 5)

Help tune the shared Cybergeist dataset, assist your peers, and earn karma. Expand the panel to get started.

Aliases We are not currently tracking any aliases

Miscellaneous Associations

Other elements of context that could aid in the identification of relevance

Linux

Malware

Windows

Backdoor

Loader

Payload

Injector

Espionage

Analyst Notes & Discussion

Be the first to leave your mark here! Log in to share your views and vote.

Associated Malware

To see the evidence that has resulted in these malware associations, create a free account

Alias Description	Association Type	Votes
The RedLeaves Malware is associated with Sprysocks. RedLeaves is a malicious software (malware) that has been utilized in cyber espionage campaigns for over five years, as reported by Trend Micro. This malware, which is known to infect Windows machines, operates as a remote access trojan (RAT), enabling unauthorized access and control over infected s	Unspecified	4
The Derusbi Malware is associated with Sprysocks. Derusbi is a sophisticated malware family known for its ability to target both Linux and Windows systems. It has been predominantly associated with Chinese cyber espionage operations since 2008, making it a significant concern in the realm of cybersecurity. The malware primarily functions as a tool	Unspecified	2

Associated Threat Actors

To see the evidence that has resulted in these threatActor associations, create a free account

Alias Description	Association Type	Votes
The Earth Lusca Threat Actor is associated with Sprysocks. Earth Lusca, a threat actor believed to be part of the China-backed Winnti collective, has been active since at least 2019 and is known for its cyber-espionage activities. The group primarily targets government organizations in Asia, Latin America, and other regions. Recently, it has expanded its ar	Unspecified	6

Source Document References

Information about the Sprysocks Malware was read from the documents corpus below. This display is limited to 20 results, create a free account to see more

Source Link	CreatedAt	Title
Securityaffairs	3 months ago	SECURITY AFFAIRS MALWARE NEWSLETTER – ROUND 6
Securityaffairs	4 months ago	security-affairs-malware-newsletter-round-5
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 3
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 2
Securityaffairs	4 months ago	Security Affairs Malware Newsletter - Round 1
Securityaffairs	5 months ago	Security Affairs newsletter Round 478 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 477 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	5 months ago	Security Affairs newsletter Round 476 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	6 months ago	Security Affairs newsletter Round 473 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 469 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 467 by Pierluigi Paganini – INTERNATIONAL EDITION
Securityaffairs	7 months ago	Security Affairs newsletter Round 466 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 465 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 464 by Pierluigi Paganini
Trend Micro	8 months ago	Earth Krahang Exploits Intergovernmental Trust to Launch Cross-Government Attacks
Securityaffairs	8 months ago	Security Affairs newsletter Round 463 by Pierluigi Paganini
Securityaffairs	8 months ago	Security Affairs newsletter Round 462 by Pierluigi Paganini
Securityaffairs	9 months ago	Security Affairs newsletter Round 461 by Pierluigi Paganini