Skip to content

News
Cybercrime
Risk
Policy
Privacy
Research
Cloud
Insurance

LinkedIn
Facebook

LittleDaemon

China-linked PlushDaemon hijacks software updates with new EdgeStepper implant, ESET says

Cybercrime, News, Research, Risk, Vulnerabilities

November 20, 2025

ESET researchers say a China-linked group called PlushDaemon is hijacking software-update traffic using an EdgeStepper network implant that redirects update domains to attacker servers and delivers a chain of malware including LittleDaemon, DaemonicLogistics and the SlowStepper backdoor.

About
Editorial Policy
Privacy
Contact