China-backed Advanced Persistent Threat (APT) group PlushDaemon has been infiltrating legitimate update channels on a popular South Korean VPN, according to cybersecurity firm ESET. The group has replaced genuine installers with trojan versions that plant SlowStepper, a sophisticated backdoor capable of extensive surveillance and data collection, into the software. The attack avoided widespread damage due to ESET alerting the VPN operator. Experts believe PlushDaemon has been active since 2019.

New Triada comes preinstalled on Android devices
A new variant of the Triada Trojan has been discovered pre-installed on Android devices, enabling data theft from the moment the device is set up,