SprySOCKS: The Latest Linux Malware Unleashing Cyber Espionage Attacks

Source: BleepingComputer
TL;DR Summary

The Chinese hacker group Earth Lusca has been targeting government agencies worldwide with a new Linux backdoor called SprySOCKS. The malware, which originated from the Trochilus Windows malware, has been adapted for Linux systems and combines features from other malware. Earth Lusca exploits n-day vulnerabilities to gain initial access and deploys Cobalt Strike beacons for remote access. The SprySOCKS loader is then dropped to establish persistence and perform various malicious activities, including collecting system information, starting an interactive shell, managing SOCKS proxy configurations, and conducting basic file operations. Organizations are advised to apply security updates to prevent compromise by Earth Lusca.
