EggStreme: New Fileless Malware from a Chinese APT Targets Philippine Military
18 hours ago
- #APT
- #geopolitics
- #cybersecurity
- Bitdefender researchers discovered EggStreme, a sophisticated fileless malware framework used by a Chinese APT group.
- The malware targeted a Philippine military company, highlighting geopolitical tensions in the South China Sea.
- EggStreme operates via multi-stage execution, starting with EggStremeFuel, followed by EggStremeLoader, EggStremeReflectiveLoader, and EggStremeAgent.
- EggStremeAgent is a powerful backdoor with 58 commands for system reconnaissance, command execution, lateral movement, and data exfiltration.
- The framework includes EggStremeWizard for persistence and EggStremeKeylogger for real-time data capture.
- EggStreme is fileless, using memory injection and DLL sideloading to evade detection.
- The attack is espionage-driven, aimed at long-term surveillance in a geopolitically sensitive region.
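The summary above says EggStreme evades detection through memory injection and DLL sideloading. The following is an added example from a defender's side, not Bitdefender's code and not taken from the EggStreme report: a small heuristic that scans image-load telemetry (records in the style of Sysmon Event ID 7, with process image and loaded module path) and flags a DLL that carries the name of a well-known Windows system DLL but is loaded from outside the trusted system directories, which is the load pattern sideloading depends on. The record fields, the trusted-directory baseline, the DLL name list and the sample events are all constructed assumptions for this example.

```python
"""Heuristic detection of DLL sideloading from image-load telemetry.

Added example (assumed schema, not a parser for any product's real event
format): flag a module load when a DLL whose file name matches a well-known
Windows system DLL is mapped from a directory outside the trusted system
directories, especially from the directory of the process loading it.
"""
from dataclasses import dataclass
from pathlib import PureWindowsPath

# Directories from which Windows system DLLs are legitimately loaded (assumed baseline).
TRUSTED_DIRS = {
    r"c:\windows\system32",
    r"c:\windows\syswow64",
    r"c:\windows\winsxs",
}

# A constructed subset of DLL names that normally live in System32.
SYSTEM_DLL_NAMES = {
    "version.dll", "dbghelp.dll", "wininet.dll", "userenv.dll",
    "cryptbase.dll", "profapi.dll", "msimg32.dll", "dwmapi.dll",
}


@dataclass(frozen=True)
class ImageLoad:
    """One image-load event (field names are assumptions for this example)."""
    process_image: str   # full path of the process that loaded the module
    image_loaded: str    # full path of the DLL that was mapped
    signed: bool         # whether the loaded DLL carried a valid Authenticode signature


def _parent_dir(path: str) -> str:
    """Lower-cased directory part of a Windows path, for case-insensitive comparison."""
    return str(PureWindowsPath(path).parent).lower()


def is_sideload_candidate(ev: ImageLoad) -> bool:
    """True when a system-named DLL is loaded from outside the trusted directories
    and is either unsigned or sits beside the executable that loads it."""
    name = PureWindowsPath(ev.image_loaded).name.lower()
    if name not in SYSTEM_DLL_NAMES:
        return False                      # not a name a sideloader would impersonate
    dll_dir = _parent_dir(ev.image_loaded)
    if dll_dir in TRUSTED_DIRS:
        return False                      # genuine system location
    # A copy of a system DLL next to the executable is the classic sideloading layout;
    # an unsigned copy anywhere outside the system directories is also worth a look.
    return (not ev.signed) or dll_dir == _parent_dir(ev.process_image)


def find_sideload_candidates(events):
    """Return the events that match the heuristic, in input order."""
    return [ev for ev in events if is_sideload_candidate(ev)]


def sideload_candidate_names(events):
    """Convenience view: file names of the flagged DLLs."""
    return [PureWindowsPath(ev.image_loaded).name.lower()
            for ev in find_sideload_candidates(events)]


# Constructed sample telemetry: one benign system load, one unsigned copy beside
# the loader, one unrelated application DLL, one signed copy beside the loader.
SAMPLE_EVENTS = [
    ImageLoad(r"C:\Program Files\Vendor\app.exe",
              r"C:\Windows\System32\version.dll", signed=True),
    ImageLoad(r"C:\Users\Public\Tool\update.exe",
              r"C:\Users\Public\Tool\version.dll", signed=False),
    ImageLoad(r"C:\Users\Public\Tool\update.exe",
              r"C:\Users\Public\Tool\helper.dll", signed=False),
    ImageLoad(r"C:\ProgramData\svc\host.exe",
              r"C:\ProgramData\svc\dbghelp.dll", signed=True),
]

if __name__ == "__main__":
    for ev in find_sideload_candidates(SAMPLE_EVENTS):
        print(f"possible DLL sideload: {ev.process_image} loaded {ev.image_loaded}")
```

The heuristic is deliberately narrow: it only reacts to DLLs that impersonate system library names, so it will not catch a loader that uses a vendor-specific DLL name, and in production the name list and trusted-directory baseline should be built from the environment's own inventory rather than the short constructed sets used here.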