The Daxin malware has been discovered in a Taiwan manufacturing firm after being dormant for over four years, alongside a new backdoor called Stupig. This development highlights ongoing threats to critical infrastructure and the sophistication of malware that can evade detection for years.
Daxin, a kernel-mode rootkit associated with a China-linked actor, was identified in a Taiwanese manufacturing firm. It was previously documented in 2022 by Symantec but had been inactive since then. Its recent discovery marks a significant development in long-term cyber threats targeting critical infrastructure.
The compromised host belongs to a subsidiary of a multinational high-tech manufacturer, underscoring the potential risks associated with such sectors.
Alongside Daxin, a new backdoor named Stupig was detected, which masquerades as a legitimate Microsoft DLL. This backdoor's unique method allows it to execute commands at the Windows logon screen, enabling attackers to bypass typical security measures.
Both Daxin and Stupig share a compilation timestamp from 2013, suggesting a prolonged undetected presence on the compromised system. Even though active reporting started in May 2026, indications show that the malware might have been sitting dormant for over 13 years.
Daxin employs a novel command-and-control (C2) strategy by not establishing direct outbound connections. Instead, it hijacks legitimate TCP connections to communicate with its operators, making detection with standard network monitoring tools extremely challenging. This capability allows it to operate efficiently across networks without internet connectivity.
β¨ This summary was generated by AI from the outlets' reporting listed below. It is not independently verified and may contain errors β check the original sources. How BrevFeed works β
The Daxin malware has been discovered in a Taiwan manufacturing firm after being dormant for over four years, alongside a new backdoor called Stupig. This development highlights ongoing threats to critical infrastructure and the sophistication of malware that can evade detection for years.