{"id":133769,"date":"2025-11-19T15:59:01","date_gmt":"2025-11-19T15:59:01","guid":{"rendered":"https:\/\/cybersecuritynews.com\/?p=133769"},"modified":"2025-11-19T16:00:17","modified_gmt":"2025-11-19T16:00:17","slug":"chinese-plushdaemon-hackers-use-edgestepper-tool","status":"publish","type":"post","link":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/","title":{"rendered":"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers"},"content":{"rendered":"\n<p>A China-aligned threat group known as PlushDaemon has been weaponizing a sophisticated attack method to infiltrate networks across multiple regions since 2018.<\/p>\n\n\n\n<p>The group&#8217;s primary strategy involves intercepting legitimate software updates by deploying a specialized tool called EdgeStepper, which acts as a bridge between users&#8217; computers and malicious servers.<\/p>\n\n\n\n<p>This technique allows hackers to inject <a href=\"https:\/\/cybersecuritynews.com\/chatgpt-powered-malware-analysis\/\" target=\"_blank\" rel=\"noreferrer noopener\">malware<\/a> directly into what users believe are authentic update installations from trusted software vendors.<\/p>\n\n\n\n<p>PlushDaemon&#8217;s campaign has targeted individuals and organizations in the United States, Taiwan, China, Hong Kong, New Zealand, and Cambodia.<\/p>\n\n\n\n<p>The group employs multiple attack vectors, including exploitation of software vulnerabilities, weak network device credentials, and sophisticated supply-chain compromises.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" 
src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhpGmpa4_Hq1y2-JIfrA8UuF3aryCRMv9eQOQg1NUH74iSg7QzTMO1UQwzO9lmi1qQodqMr1QXF1c0HMSSry2m8Ncobk4EotxmbgAbqPc_we_JClp_hKf4oPBsTJRTvfGSMZafYOhPRGwJTVkCL8GCcewrHTRab4cS6N-kY7ml-VtfnLrtjB30ctyy8pfQ\/s16000\/First%20stages%20of%20the%20attack%20(Source%20-%20Welivesecurity).webp\" alt=\"First stages of the attack (Source - Welivesecurity)\" \/><figcaption class=\"wp-element-caption\">First stages of the attack (Source &#8211; Welivesecurity)<\/figcaption><\/figure><\/div>\n\n\n<p>During a 2023 investigation, researchers uncovered the group&#8217;s involvement in a major supply-chain attack affecting a South Korean VPN service, demonstrating their capability to operate at scale.<\/p>\n\n\n\n<p>ESET security analysts <a href=\"https:\/\/www.welivesecurity.com\/en\/eset-research\/plushdaemon-compromises-network-devices-for-adversary-in-the-middle-attacks\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">identified<\/a> and examined the EdgeStepper malware after discovering an ELF binary file on VirusTotal that contained infrastructure details linked to PlushDaemon operations.<\/p>\n\n\n\n<p>The researchers found that the tool, internally codenamed dns_cheat_v2 by its developers, represents a critical component in the group&#8217;s attack infrastructure.<\/p>\n\n\n\n<p>The analysis revealed how this network implant functions to intercept and redirect DNS queries, essentially <a href=\"https:\/\/cybersecuritynews.com\/notepad-hijacking-vulnerability\/\" target=\"_blank\" rel=\"noreferrer noopener\">hijacking<\/a> the normal update process users expect from legitimate software.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" 
src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEgBde9pS3NiDhq09JnfFZNgUkHfVsL-ZkhuP3IRZqWjHAFvLy7kI0Dth_Pd0Jl_aSKVcK7XUAzOksD09bPlnXlKw4243WgIsQiYvI0PiejaesXP-x0Uo2EE7MMInxPbhdEB6QwMcKgW8q8LSM4LYgF9sthGVW_XFtV1k3K7Q2cdxP1mctzh64alWy6ihEc\/s16000\/Final%20stage%20of%20the%20update%20hijacking%20(Source%20-%20Welivesecurity).webp\" alt=\"Final stage of the update hijacking (Source - Welivesecurity)\" \/><figcaption class=\"wp-element-caption\">Final stage of the update hijacking (Source &#8211; Welivesecurity)<\/figcaption><\/figure><\/div>\n\n\n<p>The attack demonstrates a multi-stage infection process designed to evade traditional security defenses.<\/p>\n\n\n\n<p>Once attackers compromise a network device such as a router through vulnerability exploitation or weak credentials, EdgeStepper begins its operation by intercepting <a href=\"https:\/\/cybersecuritynews.com\/android-bug-leaks-dns-traffic\/\" target=\"_blank\" rel=\"noreferrer noopener\">DNS traffic<\/a>.<\/p>\n\n\n\n<p>When a user attempts to update software like Sogou Pinyin or similar Chinese applications, the malware redirects the connection to an attacker-controlled server.<\/p>\n\n\n\n<p>This hijacking node then instructs the legitimate software to download a malicious DLL file instead of the genuine update.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"h-dns-interception-and-traffic-redirection-mechanism\"><strong>DNS Interception and Traffic Redirection Mechanism<\/strong><\/h2>\n\n\n\n<p>The technical foundation of EdgeStepper&#8217;s effectiveness lies in its elegant yet dangerous approach to network manipulation.<\/p>\n\n\n<div class=\"wp-block-image\">\n<figure class=\"aligncenter size-large\"><img decoding=\"async\" 
src=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEhjVZITVzvBIt-patFgiu3IiNY4A55JnlGlTNfTK0kwn4TBZwISLhecl5nloPdU0hsKFsECgBfjdV_HefEkdoYfyVFQuF4KbK-30_HjIbdIEh2EGuZhjCH_RB25JNDymg3CfL-KRNXUbWcN1YFbDsxB7wAaY51YQUUbcUSZMmh_mbBl3yq4PtdayUtamP0\/s16000\/EdgeStepper%20workflow%20(Source%20-%20Welivesecurity).webp\" alt=\"EdgeStepper workflow (Source - Welivesecurity)\" \/><figcaption class=\"wp-element-caption\">EdgeStepper workflow (Source &#8211; Welivesecurity)<\/figcaption><\/figure><\/div>\n\n\n<p>Written in the Go programming language using the GoFrame framework and compiled for MIPS32 processors, the malware begins operation by reading an encrypted configuration file named bioset.conf.<\/p>\n\n\n\n<p>The configuration is decrypted using AES in CBC mode with a default key and initialization vector derived from the string &#8220;I Love Go Frame,&#8221; which is part of the GoFrame library&#8217;s standard implementation.<\/p>\n\n\n\n<p>Once decrypted, the configuration reveals two critical parameters: toPort specifies the listening port, while host identifies the <a href=\"https:\/\/cybersecuritynews.com\/microsoft-limit-onmicrosoft-domain-for-sending-emails\/\" target=\"_blank\" rel=\"noreferrer noopener\">domain<\/a> name of the malicious DNS node.<\/p>\n\n\n\n<p>EdgeStepper then initializes two core systems called Distributor and Ruler.
The Distributor component resolves the IP address of the malicious DNS node and coordinates the traffic flow, while the Ruler system issues iptables commands to redirect all UDP traffic on port 53 to EdgeStepper&#8217;s designated port.<\/p>\n\n\n\n<p>The malware accomplishes this redirection using the command: &#8220;iptables -t nat -I PREROUTING -p udp --dport 53 -j REDIRECT --to-port [value_from_toPort]&#8221;.<\/p>\n\n\n\n<p>This command essentially forces all DNS requests from devices on the network to pass through EdgeStepper before reaching legitimate DNS servers, creating a complete man-in-the-middle position that allows perfect interception and modification of update instructions sent to software applications.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A China-aligned threat group known as PlushDaemon has been weaponizing a sophisticated attack method to infiltrate networks across multiple regions since 2018.
The group&#8217;s primary strategy involves intercepting legitimate software updates by deploying a specialized tool called EdgeStepper, which acts as a bridge between users&#8217; computers and malicious servers. This technique allows hackers to inject [&hellip;]<\/p>\n","protected":false},"author":6,"featured_media":133828,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"fifu_image_url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp","fifu_image_alt":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[11,48],"tags":[149,151],"class_list":{"0":"post-133769","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-cyber-security-news","8":"category-threats","9":"tag-cyber-security","10":"tag-cyber-security-news"},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.7.1 (Yoast SEO v25.7) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers<\/title>\n<meta name=\"description\" content=\"PlushDaemon uses its EdgeStepper tool to hijack software updates and inject malware, targeting users across the US, Asia, and New Zealand.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta 
property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers\" \/>\n<meta property=\"og:description\" content=\"PlushDaemon uses its EdgeStepper tool to hijack software updates and inject malware, targeting users across the US, Asia, and New Zealand.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/\" \/>\n<meta property=\"og:site_name\" content=\"Cyber Security News\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/Hackingtutorialsandnews\" \/>\n<meta property=\"article:published_time\" content=\"2025-11-19T15:59:01+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-11-19T16:00:17+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp\" \/><meta property=\"og:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"1600\" \/>\n\t<meta property=\"og:image:height\" content=\"900\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Tushar Subhra 
Dutta\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp\" \/>\n<meta name=\"twitter:creator\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:site\" content=\"@The_Cyber_News\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Tushar Subhra Dutta\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"3 minutes\" \/>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers","description":"PlushDaemon uses its EdgeStepper tool to hijack software updates and inject malware, targeting users across the US, Asia, and New Zealand.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/","og_locale":"en_US","og_type":"article","og_title":"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers","og_description":"PlushDaemon uses its EdgeStepper tool to hijack software updates and inject malware, targeting users across the US, Asia, and New Zealand.","og_url":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/","og_site_name":"Cyber Security 
News","article_publisher":"https:\/\/www.facebook.com\/Hackingtutorialsandnews","article_published_time":"2025-11-19T15:59:01+00:00","article_modified_time":"2025-11-19T16:00:17+00:00","og_image":[{"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp","type":"","width":"","height":""},{"width":1600,"height":900,"url":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp","type":"image\/jpeg"}],"author":"Tushar Subhra Dutta","twitter_card":"summary_large_image","twitter_image":"https:\/\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp","twitter_creator":"@The_Cyber_News","twitter_site":"@The_Cyber_News","twitter_misc":{"Written by":"Tushar Subhra Dutta","Est. 
reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"NewsArticle","@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#article","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/"},"author":{"name":"Tushar Subhra Dutta","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c"},"headline":"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers","datePublished":"2025-11-19T15:59:01+00:00","dateModified":"2025-11-19T16:00:17+00:00","mainEntityOfPage":{"@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/"},"wordCount":559,"publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"image":{"@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp?w=1600&resize=1600,900&ssl=1","keywords":["cyber security","cyber security news"],"articleSection":["Cyber Security News","Threats"],"inLanguage":"en-US","copyrightYear":"2025","copyrightHolder":{"@id":"https:\/\/cybersecuritynews.com\/#organization"}},{"@type":"WebPage","@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/","url":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/","name":"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious 
Servers","isPartOf":{"@id":"https:\/\/cybersecuritynews.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#primaryimage"},"image":{"@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#primaryimage"},"thumbnailUrl":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp?w=1600&resize=1600,900&ssl=1","datePublished":"2025-11-19T15:59:01+00:00","dateModified":"2025-11-19T16:00:17+00:00","description":"PlushDaemon uses its EdgeStepper tool to hijack software updates and inject malware, targeting users across the US, Asia, and New 
Zealand.","breadcrumb":{"@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#primaryimage","url":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp?w=1600&resize=1600,900&ssl=1","contentUrl":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp?w=1600&resize=1600,900&ssl=1","width":"1600","height":"900"},{"@type":"BreadcrumbList","@id":"https:\/\/cybersecuritynews.com\/chinese-plushdaemon-hackers-use-edgestepper-tool\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/cybersecuritynews.com\/"},{"@type":"ListItem","position":2,"name":"Chinese PlushDaemon Hackers use EdgeStepper Tool to Hijack Legitimate Updates and Redirect to Malicious Servers"}]},{"@type":"WebSite","@id":"https:\/\/cybersecuritynews.com\/#website","url":"https:\/\/cybersecuritynews.com\/","name":"Cyber Security News","description":"World&#039;s #1 Premier Cybersecurity and Hacking News 
Portal","publisher":{"@id":"https:\/\/cybersecuritynews.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/cybersecuritynews.com\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/cybersecuritynews.com\/#organization","name":"Cyber Security News","url":"https:\/\/cybersecuritynews.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/","url":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","contentUrl":"https:\/\/cybersecuritynews.com\/wp-content\/uploads\/2021\/06\/Cyber-security.jpg","width":200,"height":200,"caption":"Cyber Security News"},"image":{"@id":"https:\/\/cybersecuritynews.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/Hackingtutorialsandnews","https:\/\/x.com\/The_Cyber_News","https:\/\/www.linkedin.com\/company\/cybersecurity-news\/"]},{"@type":"Person","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/7eb7d8d026aa5dd566f134d4def5c05c","name":"Tushar Subhra Dutta","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/cybersecuritynews.com\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f8bc0247220c7d4dea6c8b5a77d910613305ead17b13c2a7920b400435a848dd?s=96&d=mm&r=g","caption":"Tushar Subhra Dutta"},"description":"Tushar is a senior cybersecurity and breach reporter. He specializes in covering cybersecurity news, trends, and emerging threats, data breaches, and malware attacks. 
With years of experience, he brings clarity and depth to complex security topics.","url":"https:\/\/cybersecuritynews.com\/author\/tushar\/"}]}},"jetpack_featured_media_url":"https:\/\/i3.wp.com\/blogger.googleusercontent.com\/img\/b\/R29vZ2xl\/AVvXsEi-ocZm0Yp7GEWW0_EypwAWGq3mCvBvwkkQ9aLGZCVvJBs8nJcSnlTTcu6KPc0kAXWn1cWAOaJq7-EjQWDhHwjynaSfzHb-OauslxMckNMn58vsp_mKbkZtqDQeViNhP5GYOJUn32nNPCtrk1TNNpmIknzOJHPiKYiF2wZF0-YslE3P4waIgMdjt0J56Dk\/s16000\/Chinese%20PlushDaemon%20Hackers%20use%20EdgeStepper%20Tool%20to%20Hijack%20Legitimate%20Updates%20and%20Redirect%20to%20Malicious%20Servers.webp?w=1600&resize=1600,900&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133769","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/users\/6"}],"replies":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/comments?post=133769"}],"version-history":[{"count":2,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133769\/revisions"}],"predecessor-version":[{"id":133826,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/posts\/133769\/revisions\/133826"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media\/133828"}],"wp:attachment":[{"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/media?parent=133769"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/categories?post=133769"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/cybersecuritynews.com\/wp-json\/wp\/v2\/tags?post=133769"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}