Close Menu
TechurzTechurz
    What's Hot

    AI law startup Norm raises $120M, hits unicorn valuation

    July 7, 2026

    This startup pits dealerships against each other to bid on your used car

    July 7, 2026

    Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom

    July 7, 2026
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Tech Pulse
    • AI law startup Norm raises $120M, hits unicorn valuation
    • This startup pits dealerships against each other to bid on your used car
    • Savi’s app aims to protect consumers from realistic AI scams like kidnappers demanding ransom
    • Station F ramps up as a launchpad for Europe’s hottest AI startups
    • Smart glasses maker Even Realities hits $1B valuation with $150M funding led by Meituan, Tencent
    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    TechurzTechurz
    • Home
    • Tech Pulse
    • Future Tech
    • AI Systems
    • Cyber Reality
    • Disruption Lab
    • Signals
    TechurzTechurz
    Home - Cyber Reality - Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems
    Cyber Reality

    Chinese APT Deploys EggStreme Fileless Malware to Breach Philippine Military Systems

    TechurzBy TechurzSeptember 10, 2025Updated:May 10, 2026No Comments3 Mins Read
    Share Facebook Twitter Pinterest LinkedIn Tumblr Reddit Telegram Email
    Chinese APT
    Share
    Facebook Twitter LinkedIn Pinterest Email


    Sep 10, 2025Ravie LakshmananCybersecurity / Malware

    An advanced persistent threat (APT) group from China has been attributed to the compromise of a Philippines-based military company using a previously undocumented fileless malware framework called EggStreme.

    “This multi-stage toolset achieves persistent, low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads,” Bitdefender researcher Bogdan Zavadovschi said in a report shared with The Hacker News.

    “The core component, EggStremeAgent, is a full-featured backdoor that enables extensive system reconnaissance, lateral movement, and data theft via an injected keylogger.”

    The targeting of the Philippines is something of a recurring pattern for Chinese state-sponsored hacking groups, particularly in light of geopolitical tensions fueled by territorial disputes in the South China Sea between China, Vietnam, the Philippines, Taiwan, Malaysia, and Brunei.

    The Romanian cybersecurity vendor, which first detected signs of malicious activity in early 2024, described EggStreme as a tightly integrated set of malicious components that’s engineered to establish a “resilient foothold” on infected machines.

    The starting point of the multi-stage operation is a payload called EggStremeFuel (“mscorsvc.dll”) that conducts system profiling and deploys EggStremeLoader to set up persistence and then executes EggStremeReflectiveLoader, which, in turn, triggers EggStremeAgent.

    EggStremeFuel’s functions are realized by opening an active communication channel with a command-and-control (C2), enabling it to –

    • Get drive information
    • Start cmd.exe and establish communication via pipes
    • Gracefully close all connections and shutdown
    • Read a file from server and save it to disk
    • Read a local file from a given path and transmit its content
    • Send the external IP address by making a request to myexternalip[.]com/raw
    • Dump the in-memory configuration to disk

    Calling EggStremeAgent the “central nervous system” of the framework, the backdoor works by monitoring new user sessions and injects a keylogger component dubbed EggStremeKeylogger for each session to harvest keystrokes and other sensitive data. It communicates with a C2 server using the Google Remote Procedure Call (gRPC) protocol.

    It supports an impressive 58 commands that enable a broad range of capabilities to facilitate local and network discovery, system enumeration, arbitrary shellcode execution, privilege escalation, lateral movement, data exfiltration, and payload injection, including an auxiliary implant codenamed EggStremeWizard (“xwizards.dll”).

    “The attackers use this to launch a legitimate binary that sideloads the malicious DLL, a technique they consistently abuse throughout the attack chain,” Zavadovschi noted.

    “This secondary backdoor provides reverse shell access and file upload/download capabilities. Its design also incorporates a list of multiple C2 servers, enhancing its resilience and ensuring that communication with the attacker can be maintained even if one C2 server is taken offline.”

    The activity is also characterized by the use of the Stowaway proxy utility to establish an internal network foothold. Complicating detection further is the fileless nature of the framework, causing malicious code to be loaded and executed directly in memory without leaving any traces on disk.

    “This, coupled with the heavy use of DLL side-loading and the sophisticated, multi-stage execution flow, allows the framework to operate with a low profile, making it a significant and persistent threat,” Bitdefender said.

    “The EggStreme malware family is a highly sophisticated and multi-component threat designed to achieve persistent access, lateral movement, and data exfiltration. The threat actor demonstrates an advanced understanding of modern defensive techniques by employing a variety of tactics to evade detection.”

    APT breach Chinese deploys EggStreme fileless malware Military Philippine systems
    Share. Facebook Twitter Pinterest LinkedIn Tumblr Email
    Previous ArticleThis Low-Cost Tool Can Help You Earn More From Your Side Hustle
    Next Article 2025 Innovator of the Year: Sneha Goenka for developing an ultra-fast sequencing technology
    Techurz
    • Website

    Related Posts

    Opinion

    This startup’s super metals could soon be in military drones, luxury watches, and chef’s knives

    June 16, 2026
    Opinion

    Quantum Space’s military SPAC is trying to catch SpaceX’s IPO wave

    June 11, 2026
    Cyber Reality

    Digital Identity Protection: 7 Hidden Risks Most Users Miss

    May 25, 2026
    Add A Comment
    Latest Tech Pulse

    College social app Fizz expands into grocery delivery

    September 3, 20252,290

    12 Father’s Day E-Card Sites That Are Actually Good

    June 4, 202523

    SolarSquare in talks to raise up to $60M as India’s rooftop solar market draws major VC interest

    May 23, 202622
    Stay In Touch
    • YouTube
    • WhatsApp
    • Twitter
    • Pinterest
    • LinkedIn

    Techurz helps readers stay ahead of digital change with clear, practical, future focused technology intelligence written today,searched tomorrow.

    X (Twitter) Pinterest YouTube LinkedIn WhatsApp
    Company
    • About Us
    • Contact Us
    • Our Authors / Editorial Team
    • Write For Us
    • Advertise
    Policy
    • Editorial Policy
    • Privacy Policy
    • Terms and Conditions
    • Affiliate Disclosure
    • Cookie Policy
    • Disclaimer
    • DMCA
    Explore
    • AI Systems
    • Cyber Reality
    • Future Tech
    • Disruption Lab
    • Signals
    • Tech Pulse
    • Sitemap

    Join the Techurz Brief

    The future does not arrive suddenly.
    Stay ahead with fast, sharp tech signals.

    Type above and press Enter to search. Press Esc to cancel.