A France-led international law enforcement operation has removed a PlugX malware variant from thousands of Windows systems around the world, nearly 4,258 of which were in the U.S., reports The Register. The variant, which spreads via USB drives, had been deployed by Chinese state-backed hacking group Mustang Panda, also known as Twill Typhoon.
Warrants obtained in August enabled the U.S. Department of Justice and FBI to remotely send a self-destruct command to PlugX-impacted systems. The command not only removed malware files and registry keys but also created a temporary script to remove the PlugX app once it had stopped running. The command also ran a temporary file, which was deleted after the PlugX app and the directory created by the malware had been removed, according to the feds. "This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers," said U.S. Attorney Jacqueline Romero.