EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Updated on November 19, 2025

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks.
EdgeStepper “redirects all DNS queries to an external, malicious hijacking node, effectively rerouting the traffic from legitimate infrastructure used for software updates to attacker-controlled infrastructure…

Read the rest of the story at Read More

Source: The Hacker News

December 5, 2024 Uncategorized

This $3,000 Android Trojan Targeting Ban...

July 31, 2024 Uncategorized

Meta Settles for $1.4 Billion with Texas...

January 16, 2024 Uncategorized

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

Related posts

This $3,000 Android Trojan Targeting Ban...

Meta Settles for $1.4 Billion with Texas...

Remcos RAT Spreading Through Adult Games...

Leave a Comment Cancel reply

Recent News

ThreatsDay Bulletin: 0-Days, LinkedIn Spies, Crypto Crimes, IoT Flaws and New Malware Waves

CTM360 Exposes a Global WhatsApp Hijacking Campaign: HackOnChat

New Sturnus Android Trojan Quietly Captures Encrypted Chats and Hijacks Devices

Iran-Linked Hackers Mapped Ship AIS Data Days Before Real-World Missile Strike Attempt

TamperedChef Malware Spreads via Fake Software Installers in Ongoing Global Campaign

Hackers Actively Exploiting 7-Zip Symbolic Link–Based RCE Vulnerability (CVE-2025-11001)

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

WrtHug Exploits Six ASUS WRT Flaws to Hijack Tens of Thousands of EoL Routers Worldwide

Application Containment: How to Use Ringfencing to Prevent the Weaponization of Trusted Software

EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates