Widespread PlugX malware compromise eradicated in law enforcement operation

Thousands of Windows systems around the world, nearly 4,258 of them in the U.S., have been purged of a USB-spreading PlugX malware variant deployed by the Chinese state-backed hacking group Mustang Panda, also known as Twill Typhoon. The cleanup was carried out as part of a France-led international law enforcement operation, reports The Register.

Warrants obtained in August allowed the U.S. Department of Justice and FBI to remotely send a self-delete command to PlugX-infected systems. According to the feds, the command removed the malware's files and registry keys, created a temporary script to remove the PlugX application once it had stopped running, executed that temporary file, and then deleted it along with the directory the malware had created. "This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers," said U.S. Attorney Jacqueline Romero.
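The article lists the cleanup steps in order but not how they fit together, so here is an added PowerShell sketch of that same sequence written from an incident responder's side. It is not the DOJ/FBI command and not code from The Register or SC Media, and it contains no real PlugX indicators: every path, process name and registry value is a placeholder to be replaced with artifacts from your own analysis. The point it illustrates is why a temporary script is needed at all: Windows will not delete an executable while its process is running, so the script waits for the process to exit before removing the binary, the directory, and itself.

```powershell
# Added example (not from the article or the DOJ/FBI tooling): a defender-side
# removal sequence in the order the article describes. All values below are
# PLACEHOLDERS; none is a real PlugX artifact.

$MalwareDir   = 'C:\PLACEHOLDER\PlugXDir'            # placeholder install directory
$MalwareExe   = Join-Path $MalwareDir 'placeholder.exe'
$ProcessName  = 'placeholder'                        # placeholder process name (no .exe)
$RunKeyPaths  = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run'
)
$RunValueName = 'PLACEHOLDER_AUTORUN'                # placeholder autorun value name

# 1. Remove autorun persistence first so the malware cannot restart mid-cleanup.
foreach ($key in $RunKeyPaths) {
    if (Get-ItemProperty -Path $key -Name $RunValueName -ErrorAction SilentlyContinue) {
        Remove-ItemProperty -Path $key -Name $RunValueName
        Write-Host "Removed autorun value '$RunValueName' from $key"
    }
}

# 2. Delete the files the malware dropped, except the executable that is still
#    running and therefore locked by the OS.
Get-ChildItem -Path $MalwareDir -File -ErrorAction SilentlyContinue |
    Where-Object { $_.FullName -ne $MalwareExe } |
    Remove-Item -Force

# 3. Stage a temporary batch script that polls until the process is gone, then
#    removes the executable, the directory, and finally itself (%~f0).
$TempScript = Join-Path $env:TEMP ('cleanup_{0}.cmd' -f [guid]::NewGuid())
@"
@echo off
:wait
tasklist /FI "IMAGENAME eq $ProcessName.exe" 2>NUL | find /I "$ProcessName.exe" >NUL
if not errorlevel 1 (
    timeout /t 1 /nobreak >NUL
    goto wait
)
del /F /Q "$MalwareExe"
rmdir /S /Q "$MalwareDir"
del /F /Q "%~f0"
"@ | Set-Content -Path $TempScript -Encoding ASCII

# 4. Stop the malware process, then launch the temporary script detached so it
#    can finish the deletion after this session ends.
Get-Process -Name $ProcessName -ErrorAction SilentlyContinue | Stop-Process -Force
Start-Process -FilePath 'cmd.exe' -ArgumentList "/c `"$TempScript`"" -WindowStyle Hidden
Write-Host "Staged $TempScript; it will remove $MalwareExe once the process has exited."
```

Run it from an elevated session, since the HKLM Run key and files under Program Files require administrator rights. Removing persistence before stopping the process matters: if the order were reversed, a watchdog or scheduled restart could relaunch the binary while the temporary script is still waiting.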
