FBI Pulls the Plug on PlugX Malware, Removing it From Thousands of Devices

Vlad CONSTANTINESCU

January 15, 2025

The US Department of Justice (DoJ) and the FBI jointly announced yesterday a successful operation leading to the removal of PlugX malware from thousands of devices.

Police operation hits Chinese threat actors

A joint multi-national effort involving French authorities and the FBI against a group of China-sponsored threat actors dubbed “Mustang Panda” and “Twill Typhoon” saw the removal of the infamous malware from more than 4,200 compromised devices.

After infecting devices with PlugX, perpetrators would exploit the malware’s capabilities to steal sensitive information.

PlugX: a malicious remote control that could achieve persistence

Its capabilities extend well beyond file theft. PlugX operators could use it to remotely access and control compromised systems and to deploy additional malware on them.

Furthermore, the variant in this case could spread via USB: it infected USB drives attached to a compromised computer, and those drives could then carry the malware to any other Windows system they were later plugged into.

Chinese-sponsored threat actors behind the curtains

Court documents revealed that the Chinese government sponsored the group to develop its own PlugX variant.

Since at least 2014, the group compromised thousands of systems, including US victims, Asian and European businesses and governments, and even Chinese dissident groups.

To make matters worse, owners of computers still infected with PlugX are generally unaware that it’s on their systems.

PlugX purged from approximately 4,258 US-based systems

“This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” said US Attorney Jacqueline Romero for the Eastern District of Pennsylvania. “Working alongside both international and private sector partners, the Department of Justice’s court-authorized operation to delete PlugX malware proves its commitment to a ‘whole-of-society’ approach to protecting U.S. cybersecurity.”

Starting in August last year, the DoJ and FBI obtained nine warrants, the last of which expired on Jan. 3, authorizing them to remove PlugX from US-based devices. During the operation, authorities deleted PlugX from roughly 4,258 US-based computers and networks.

Defending against PlugX and other similar threats

Dedicated software solutions like Bitdefender Ultimate Security can safeguard your systems against PlugX, viruses, worms, Trojans, zero-day exploits, ransomware, rootkits, spyware and other cyber threats.

Its key features include comprehensive, continuous monitoring and protection, network threat prevention, behavioral detection for active apps, multi-layered ransomware protection, web attack prevention, vulnerability assessment, and AI-assisted scam protection (Scamio).

Author


Vlad CONSTANTINESCU

Vlad's love for technology and writing created rich soil for his interest in cybersecurity to sprout into a full-on passion. Before becoming a Security Analyst, he covered tech and security topics.
