EdgeStepper Implant Reroutes DNS Queries to Deploy Malware via Hijacked Software Updates

The threat actor known as PlushDaemon has been observed using a previously undocumented Go-based network backdoor codenamed EdgeStepper to facilitate adversary-in-the-middle (AitM) attacks. EdgeStepper "redirects all DNS queries to an external, malicious hija…