EggStreme Malware: Unpacking a New APT Framework Targeting a Philippine Military Company

A Chinese APT group compromised a Philippine military company using a new, fileless malware framework called EggStreme. This sophisticated multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading. The core component, EggStremeAgent, is a full-featured backdoor enabling extensive system reconnaissance, lateral movement, and data theft via an injected keylogger. The attack begins with EggStremeFuel deploying EggStremeLoader to set up a persistent service, which then executes EggStremeReflectiveLoader to launch EggStremeAgent. The framework's fileless nature and use of legitimate Windows processes make it difficult to detect, posing a significant and persistent threat.

Pulse ID: 68c1d94aeea0cbf6a74fd693
Pulse Link: https://otx.alienvault.com/pulse/68c1d94aeea0cbf6a74fd693
Pulse Author: AlienVault
Created: 2025-09-10 20:02:18

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#BackDoor #Chinese #CyberSecurity #DataTheft #Espionage #InfoSec #KeyLogger #Malware #Military #OTX #OpenThreatExchange #SideLoading #Windows #bot #AlienVault

The practical part of my "Hacking and Pentest Hardware Workshop" comprises five stations. In small groups of at most three people, the participants work through the tasks for about an hour. During this time I go from station to station, giving tips and additional information. The first station, "Gadgets & Loggers", is all about spy gadgets, keyloggers and screenloggers.
➡️ Click here to learn more about the workshop contents: https://scheible.it/workshop
#ITSicherheit #CyberAwareness #Seminar #SecurityKnowHow #Keylogger
This keyboard feels like it has its own agenda and it feels hostile and cursed. I will not do more lab work on it, because I lack the spoons. It would probably involve mapping exactly how it works and when it doesn't. If there's machine learning involved in the buffer and context detection of a hypothetical #keylogger, that would be something you could find, but it would take more work to pinpoint its characteristics first.

🚨 Watch out as the new #PS1Bot malware steals crypto wallets, passwords, and sensitive data, spreading through #malvertising while evading detection.

Read: https://hackread.com/malvertising-attack-crypto-stealing-ps1bot-malware/

#CyberSecurity #Malware #Crypto #Keylogger

On a recent engagement a USB #keylogger was found. My colleague Cass and I analyzed the key logger to find leads towards the threat actor. We have written down what we learned on our side quest:

https://research.hisolutions.com/2025/07/a-tale-of-practical-keylogger-forensics/
#DFIR #Forensics

📢New in our Research-Blog: A Tale of Practical Keylogger Forensics

On a recent engagement, an interesting hardware side quest popped up.
A client had found a #keylogger and, naturally, Cass Rebellin and @jrt wanted to know what the adversary had seen and if they could gather any useful traces towards the perpetrator.
The full story 👉https://research.hisolutions.com/2025/07/a-tale-of-practical-keylogger-forensics/

#ResearchBlog #DFIR #HardwareSecurity