elf.edgestepper

EdgeStepper

Actor(s): PlushDaemon


According to ESET Research, EdgeStepper is an adversary-in-the-middle tool that forwards DNS traffic from machines in a targeted network to a malicious DNS node. This allows the attackers to redirect software-update traffic to a hijacking node, which serves instructions that make the legitimate software download a malicious update.

References
2025-11-19 | ESET Research | Dávid Gábriš, Facundo Muñoz
PlushDaemon compromises network devices for adversary-in-the-middle attacks
EdgeStepper LittleDaemon

There is no Yara-Signature yet.