China-related threat actors deployed a new fileless malware against the Philippines military

• EggStreme is a stealthy, fileless malware framework used by a Chinese threat actor to target a Philippine military company
• It includes six modular components, enabling reverse shell access, payload injection, keylogging, and persistent espionage
• Attribution remains uncertain, but the attack’s objectives align with known Chinese APT tactics across APAC and beyond

A Chinese threat actor attacked a Philippine military company with a never-before-seen, fileless malware framework, researchers warned.

Earlier this week, cybersecurity outfit Bitdefender published an in-depth report about EggStreme, a “multi-stage toolset that achieves low-profile espionage by injecting malicious code directly into memory and leveraging DLL sideloading to execute payloads.”

It counts six different components: EggStremeFuel (initial loader DLL, sideloaded via a legitimate binary and establishes a reverse shell), EggStremeLoader (reads encrypted payloads and injects them into processes), EggStremeReflectiveLoader (decrypts and injects the final payload), EggStremeAgent (main backdoor implant with 58 commands), EggStremeKeylogger (grabs keystrokes ...