MystRodX Backdoor Uses DNS and ICMP Triggers for Stealthy Control
Summary
A new backdoor named MystRodX, also known as ChronosRAT, has been identified. This malware, implemented in C++, supports various features for capturing sensitive data and includes stealth and flexibility mechanisms. It uses DNS and ICMP triggers for passive activation and has been linked to a China-nexus cyber espionage group called Liminal Panda. MystRodX has been active since at least January 2024 and is delivered via a dropper that includes anti-debugging and anti-virtualization checks. The backdoor can operate in both passive and active modes, depending on its configuration. In passive mode, it waits for activation messages via DNS or ICMP packets. In active mode, it establishes communication with a command-and-control (C2) server to execute received commands.
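The summary above describes a passive backdoor that sits idle until an inbound DNS or ICMP packet wakes it, then switches to active mode and reaches out to its C2. A defender can turn that behaviour into a network-level correlation rule: an internal host that receives an unsolicited ICMP packet or a DNS query (UDP/53) from an external address, even though it is not a DNS server, and then opens a new outbound TCP connection to a previously unseen external address within a short window. The script below is an added example, not code from the article or from the researchers; the flow records, the 30-second window, the internal ranges and the DNS-server allowlist are all constructed assumptions, and none of the addresses are indicators from the report.

```python
# Added example (not from the original article): correlate a passive trigger
# (inbound ICMP or DNS from outside) with a new outbound TCP connection from the
# same host shortly afterwards. All flow records below are constructed.
from dataclasses import dataclass
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

INTERNAL = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]  # assumed site ranges
DNS_SERVERS = {"10.0.0.53"}            # assumed: hosts that legitimately receive UDP/53
WINDOW = timedelta(seconds=30)         # assumed: max delay between trigger and callback


@dataclass
class Flow:
    ts: datetime
    src: str
    dst: str
    proto: str   # "icmp", "udp" or "tcp"
    dport: int   # 0 for icmp


def is_internal(ip: str) -> bool:
    a = ip_address(ip)
    return any(a in n for n in INTERNAL)


def is_candidate_trigger(f: Flow) -> bool:
    # External -> internal ICMP, or external -> internal DNS query to a host
    # that is not a DNS server. Both are unusual inbound traffic for a client.
    if not (is_internal(f.dst) and not is_internal(f.src)):
        return False
    if f.proto == "icmp":
        return True
    return f.proto == "udp" and f.dport == 53 and f.dst not in DNS_SERVERS


def find_trigger_callbacks(flows, window=WINDOW):
    """Return alerts for hosts whose first contact with a new external address
    starts within `window` of a candidate trigger packet."""
    flows = sorted(flows, key=lambda f: f.ts)
    seen_dst = {}   # host -> external destinations already contacted (baseline)
    pending = {}    # host -> (trigger_ts, trigger_src, trigger_proto)
    alerts = []
    for f in flows:
        if is_candidate_trigger(f):
            pending[f.dst] = (f.ts, f.src, f.proto)
            continue
        if is_internal(f.src) and not is_internal(f.dst) and f.proto == "tcp":
            known = seen_dst.setdefault(f.src, set())
            trig = pending.get(f.src)
            if trig and f.ts - trig[0] <= window and f.dst not in known:
                alerts.append({
                    "host": f.src,
                    "trigger_src": trig[1],
                    "trigger_proto": trig[2],
                    "callback_dst": f.dst,
                    "callback_dport": f.dport,
                    "delay_s": (f.ts - trig[0]).total_seconds(),
                })
                pending.pop(f.src)
            known.add(f.dst)
    return alerts


# Constructed sample flows (documentation/test addresses only).
T = datetime(2025, 9, 2, 10, 0, 0)
SAMPLE_FLOWS = [
    Flow(T, "203.0.113.9", "10.0.0.53", "udp", 53),                         # DNS server: ignored
    Flow(T + timedelta(seconds=0), "10.0.0.25", "198.51.100.7", "tcp", 443),  # baseline contact
    Flow(T + timedelta(seconds=5), "203.0.113.9", "10.0.0.25", "icmp", 0),    # trigger
    Flow(T + timedelta(seconds=12), "10.0.0.25", "203.0.113.77", "tcp", 8443),  # new dst, 7 s later
    Flow(T + timedelta(seconds=60), "203.0.113.9", "10.0.0.40", "udp", 53),   # trigger
    Flow(T + timedelta(seconds=150), "10.0.0.40", "203.0.113.77", "tcp", 443),  # too late: no alert
    Flow(T + timedelta(seconds=180), "203.0.113.9", "10.0.0.25", "icmp", 0),  # trigger
    Flow(T + timedelta(seconds=185), "10.0.0.25", "198.51.100.7", "tcp", 443),  # known dst: no alert
]


def run_sample():
    return find_trigger_callbacks(SAMPLE_FLOWS)


if __name__ == "__main__":
    for a in run_sample():
        print(a)
```

On the constructed flows this yields a single alert for 10.0.0.25 (ICMP trigger, callback to 203.0.113.77 after 7 seconds). The baseline set keeps ordinary traffic quiet, but the rule is deliberately coarse: tune the window and the internal ranges to the environment, and treat a hit as a pivot point for host triage rather than as proof of compromise.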
Timeline
- 02.09.2025 17:56 (1 article): MystRodX Backdoor Identified with DNS and ICMP Triggers
  Source: Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control, thehackernews.com, 02.09.2025 17:56
Information Snippets
- MystRodX is a backdoor implemented in C++ that supports file management, port forwarding, reverse shell, and socket management. (First reported 02.09.2025 17:56; 1 source, 1 article)
  Source: Researchers Warn of MystRodX Backdoor Using DNS and ICMP Triggers for Stealthy Control, thehackernews.com, 02.09.2025 17:56
- The malware uses encryption to obscure source code and payloads, and can dynamically enable different functions based on configuration. (First reported 02.09.2025 17:56; 1 source, 1 article)
- MystRodX can be triggered by DNS or ICMP network packets, making it a passive backdoor. (First reported 02.09.2025 17:56; 1 source, 1 article)
- The malware has been active since at least January 2024 and is linked to the Liminal Panda cyber espionage group. (First reported 02.09.2025 17:56; 1 source, 1 article)
- MystRodX is delivered via a dropper that includes anti-debugging and anti-virtualization checks. (First reported 02.09.2025 17:56; 1 source, 1 article)
- The backdoor operates in passive or active mode, depending on its configuration. (First reported 02.09.2025 17:56; 1 source, 1 article)