Trend Micro researchers discovered the Windows malware, which appears to be a Linux variant of the Trochilus remote access trojan (RAT). Its code was leaked and became publicly available in 2017.
Researchers link SprySOCKS to a Chinese cyber espionage threat actor called Earth Lusca. This group has targeted government organizations in Asia, Latin America and other regions since at least 2021.
Impact
This threat is of medium severity. SprySOCKS incorporates multiple functions, including collecting system information, initiating an interactive shell, listing network connections, and uploading and exfiltrating files.
DXC perspective
Organizations concerned about SprySOCKS should proactively manage their attack surface, minimize potential entry points, and monitor for abnormal behavior, especially across command-and-control (C2) traffic. DXC also recommends keeping all operating systems, software and firmware current with the latest updates and patches.
