Malware

EdgeStepper

According to ESET Research, EdgeStepper is an adversary-in-the-middle tool that forwards DNS traffic from machines in a targeted network to a malicious DNS node.

EdgeStepper is a Linux malware family operated by PlushDaemon.

Background

Per ESET Research, EdgeStepper is an adversary-in-the-middle tool that reroutes DNS traffic from hosts within a targeted network to a malicious DNS node. This lets attackers divert software-update traffic to a hijacking node that instructs legitimate applications to fetch a malicious update.


Source: Malpedia (Fraunhofer FKIE).