China-backed Advanced Persistent Threat (APT) group PlushDaemon has been infiltrating legitimate update channels on a popular South Korean VPN, according to cybersecurity firm ESET. The group has replaced genuine installers with trojan versions that plant SlowStepper, a sophisticated backdoor capable of extensive surveillance and data collection, into the software. The attack avoided widespread damage due to ESET alerting the VPN operator. Experts believe PlushDaemon has been active since 2019.

New Malware Loaders Use Call Stack Spoofing, GitHub C2, and .NET Reactor for Stealth
An updated version of a malware loader, known as Hijack Loader, has been discovered with new features aimed at evading detection and maintaining persistence. The