
Chinese APT Hits Philippine Military Firm with New EggStreme Fileless Malware


Cybersecurity researchers at Bitdefender have identified a new malware framework called EggStreme, currently used by a China-based APT group to spy on military organisations in the Asia-Pacific region. The finding came after an investigation into a compromise at a Philippine military company.

According to researchers, the malware toolkit is designed as a “unified” system rather than separate malware samples. Its components work in sequence, starting with a loader named EggStremeFuel, which prepares the environment for later stages. Ultimately, the attackers deploy EggStremeAgent, a full-featured backdoor that can perform reconnaissance, steal data, modify and even delete important files.

Fileless Malware

Bitdefender’s technical report, shared with Hackread.com ahead of its publication on Wednesday, September 10, 2025, reveals that EggStreme performs fileless execution. Additionally, while encrypted modules exist on disk, the malicious payloads are decrypted and executed only in memory. Combined with DLL sideloading, this makes the framework harder to detect ...


Copyright of this story solely belongs to hackread.com.