ESET researchers discovered two undocumented Windows variants of the SprySOCKS backdoor, WINDRV and WINPLUS, attributed to the China-aligned FishMonger APT. These variants utilize advanced stealth techniques, including a custom kernel driver for hiding artifacts and diverting TCP traffic, as well as print processor abuse for persistence.