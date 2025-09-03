Advanced stealth has been exhibited by the newly emergent MystRodX backdoor, also known as ChronosRAT, reports The Hacker News

MystRodX has been spread using a dropper that monitors debuggers and virtual machines before proceeding with next-stage payload decryption, with the payload promptly launched after the daytime process is verified to be non-operational, according to an analysis from QiAnXin XLab researchers.

Additional findings also revealed MystRodX's ability to serve as a passive backdoor that is run following DNS or ICMP network packet delivery.

"Unlike well-known stealth backdoors like SYNful Knock, which manipulates TCP header fields to hide commands, MystRodX uses a simpler yet effective approach: it hides activation instructions directly in the payload of ICMP packets or within DNS query domains," said researchers.