
EggStreme fileless malware framework with DLL sideloading

Malware Activity
Happening score: 16
1 unique source, 1 article

Summary


Newly documented EggStreme malware activity enables persistent access and data exfiltration on infected systems through a fileless, multi-stage framework. The framework relies on DLL sideloading and in-memory execution to keep a low profile, while its backdoor supports reconnaissance, lateral movement, and keylogging. The first signs of the activity date to early 2024, which points to a long-running intrusion toolset rather than a one-off payload.

Related Happenings

QWCrypt and RedLoader multi-stage ransomware activity

Malware Activity
First: 09.12.2025 11:35 Last: 09.12.2025 11:35 Sources 1

About this happening: The **QWCrypt** ransomware chain now matters because it has reached **successful deployment** in at least **three attacks**, using **RedLoader** and a customized **Terminator** to...

Philippines-based military company hit by data theft breach

Incident
First: 10.09.2025 18:46 Last: 10.09.2025 18:46 Sources 1

How related: An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme.

About this happening: A **Philippines-based military company** was **compromised** with the previously undocumented **EggStreme** fileless framework, exposing an organization tied to sensitive military...

Timeline

  1. 10.09.2025 18:46 2 articles · 8mo ago

    Initial report: EggStreme fileless malware framework with DLL sideloading

    Initial Disclosure

    The first stage profiles the host, opens command-and-control communication, and starts the loader chain that establishes persistence. That opening sequence sets up the in-memory payload flow used for later reconnaissance and theft.
