Cyber Espionage Hijinks: PlushDaemon’s Sneaky EdgeStepper Malware Strikes Again!

PlushDaemon hackers are hijacking software updates using a crafty implant called EdgeStepper. They’ve targeted entities from the U.S. to New Zealand since 2018, slipping malware into unsuspecting systems like an unwanted guest at a dinner party. Keep your routers locked up tighter than Fort Knox to avoid unwanted cyber company!

Hot Take:

It’s official, folks: PlushDaemon is the cyber equivalent of that one friend who “borrowed” your favorite DVD and never gave it back. Only this time, they’re borrowing software updates and leaving behind a gift basket of malware. Thanks, but no thanks!

Key Points:

  • PlushDaemon, a China-linked threat actor, uses an implant called EdgeStepper to hijack software update traffic.
  • Targets include electronics manufacturers, universities, and auto plants, with a focus on the U.S., China, and other locations.
  • Attackers exploit router vulnerabilities to deploy EdgeStepper, redirecting DNS queries to malicious nodes.
  • The malware chain includes LittleDaemon, DaemonicLogistics, and the SlowStepper backdoor.
  • ESET has published a detailed report with technical analysis and indicators of compromise.

The Nimble Nerd