Find notable cyber news and cases, enriched with sources, timelines, and signals.

EdgeStepper-LittleDaemon-SlowStepper software-update malware delivery chain

Malware Activity
First reported
Last updated
Happening score
H score 23
1 unique sources, 1 articles

Summary

Hide ▲

The EdgeStepper malware chain is hijacking software-update traffic to deliver LittleDaemon on Windows, creating a path to deploy SlowStepper on targeted systems. The operation uses compromised routers and malicious DNS redirection to steer update requests to attacker infrastructure. That behavior increases the risk of covert malware installation during routine updates.

Related Happenings

ShapedPlugin LicenseLoader fake WooCommerce backdoor

Malware Activity
H score21 First: 18.06.2026 15:55 Last: 18.06.2026 15:55 Sources 1

About this happening: The **LicenseLoader.php** malware embedded in infected ShapedPlugin releases now enables **credential theft**, **2FA secret theft**, and **remote file-writing** on compromised Wor...

SPECTRALVIPER DLL sideloading backdoor activity

Malware Activity
H score31 First: 11.06.2026 12:45 Last: 11.06.2026 12:45 Sources 1

About this happening: The **SPECTRALVIPER** backdoor was executed on affected **Windows** hosts through a **DLL sideloading** chain during **October 2025 to March 2026**, giving operators a way to run...

Dragon Boss Solutions LLC adware malicious update

Malware Activity
H score26 First: 16.04.2026 22:07 Last: 16.04.2026 22:07 Sources 1

About this happening: A **March 22, 2025** malicious update turned **Dragon Boss Solutions LLC** adware into an **AV-disabling** payload, exposing nearly **24,000 systems** to follow-on abuse. The upda...

DKnife Linux AitM malware activity targeting routers and edge devices

Malware Activity
H score30 First: 06.02.2026 16:56 Last: 06.02.2026 16:56 Sources 1

About this happening: Researchers disclosed **DKnife**, a **China-nexus AitM framework** active since **at least 2019**, because it can **inspect packets, hijack downloads, and deliver malware** across...

UDPGangster backdoor deployed by MuddyWater

Malware Activity
H score22 First: 08.12.2025 08:46 Last: 08.12.2025 08:46 Sources 1

About this happening: The **MuddyWater** group has deployed **UDPGangster**, a new backdoor that uses **UDP C2** to control compromised systems and expand post-compromise access. The malware can **exec...

Timeline

  1. 19.11.2025 12:00 2 articles · 7mo ago

    PlushDaemon EdgeStepper software-update hijacking

    Initial Disclosure

    PlushDaemon is hijacking software-update traffic by compromising routers, installing EdgeStepper, and redirecting DNS queries for update domains to malicious infrastructure so Windows victims receive the DLL downloader LittleDaemon, which loads DaemonicLogistics and then SlowStepper. The campaign has targeted individuals and organizations in the United States, China, Taiwan, Hong Kong, South Korea, and New Zealand, and telemetry indicates malicious-update abuse since 2019 against electronics manufacturers, universities, and a Japanese automotive manufacturing plant in Cambodia.

    Show sources