
A malware strain traced back to China has been successfully neutralized following an FBI court order that facilitated the removal of its harmful code from thousands of Windows-based computers.
This operation has effectively brought an end to the PlugX malware in the United States; the malware had impacted over 2.5 million devices worldwide by spreading through infected USB drives, according to PCMag.
Working alongside the FBI, the Justice Department announced that it received judicial approval to expunge the malware from around 4,260 computers and networks across the country as of Tuesday. Consequently, the FBI plans to alert the owners of affected devices through their respective internet service providers.
This case highlights the efforts by federal agencies to tackle significant cybersecurity threats. The Justice Department identified the attackers behind this incident as a group of Chinese state-sponsored hackers known as “Mustang Panda,” who created a tailored version of the PlugX malware for this ongoing campaign.
First identified in 2008, PlugX is a backdoor that allows attackers to remotely control compromised Windows machines. By 2020, updates to the malware enabled it to infect USB drives and the computers they are plugged into, making it “wormable”: it could spread between PCs through infected peripherals.
Cybersecurity firm Sekoia noted that Mustang Panda eventually lacked the necessary resources to manage the large number of systems infected with PlugX and ultimately abandoned the undertaking.
Additionally, cybersecurity company Sophos detected numerous PlugX infections originating from a single IP address. In September 2023, in conjunction with Sekoia, Sophos spent just $7 to gain insights into the IP address and the affected devices. This investigation revealed a self-deletion command embedded within the PlugX code.
In July 2024, French law enforcement authorized use of this self-delete feature to clean the infected computers, and since then 22 additional countries have adopted similar measures.
While the specific methods for removing the malware from U.S. systems are not yet clear, the FBI confirmed in an affidavit that it has tested the self-delete command and verified that it removes only the malware, without affecting any other functions on the device or transmitting any unauthorized code.