Malware Staying Power

Discussion in 'Networking and Security' started by apdxyk, Jan 21, 2025.

  1. apdxyk

    FBI wipes Chinese PlugX malware from over 4,000 US computers (www.bleepingcomputer.com)

    The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.

    The malware, controlled by the Chinese cyber espionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a wormable component that allowed it to spread through USB flash drives.

    According to court documents, the list of victims targeted using this malware includes "European shipping companies in 2024, several European Governments from 2021 to 2023, worldwide Chinese dissident groups, and governments throughout the Indo-Pacific (e.g., Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Myanmar, Indonesia, Philippines, Thailand, Vietnam, and Pakistan)."

    *SNIP*

    "In August 2024, the Justice Department and FBI obtained the first of nine warrants in the Eastern District of Pennsylvania authorizing the deletion of PlugX from U.S.-based computers," the Justice Department said today.

    "The last of these warrants expired on Jan. 3, 2025, thereby concluding the U.S. portions of the operation. In total, this court-authorized operation deleted PlugX malware from approximately 4,258 U.S.-based computers and networks."

    The command sent to infected computers by the FBI told the PlugX malware:

    1. Delete the files created by the PlugX malware on the victim's computer,
    2. Delete the PlugX registry keys used to automatically run the PlugX application when the victim computer is started,
    3. Create a temporary script file to delete the PlugX application after it is stopped,
    4. Stop the PlugX application and
    5. Run the temporary file to delete the PlugX application, delete the directory created on the victim computer by the PlugX malware to store the PlugX files, and delete the temporary file from the victim computer.

    The FBI is now notifying the owners of U.S.-based computers that have been cleaned of the PlugX infection through their internet service providers and says the action didn't collect information from or impact the disinfected devices in any way.

    Cybersecurity firm Sekoia previously discovered a botnet of devices infected with the same PlugX variant, taking control of its command and control (C2) server at 45.142.166[.]112 in April 2024. Sekoia said that, over six months, the botnet's C2 server received up to 100,000 pings from infected hosts daily and had 2,500,000 unique connections from 170 countries.

    PlugX has been used in attacks since at least 2008, mainly in cyber espionage and remote access operations by groups linked to the Chinese Ministry of State Security. Multiple threat groups have used it to target government, defense, technology, and political organizations, primarily in Asia and later expanding to the rest of the world.

    This software has been around since [at least] 2008; that's some staying power, even though it has received updates.
     
  2. maxinger

     
  3. tomkat22

    In the Old West they used to hang horse thieves. No judge, jury or trial, just hung them on the spot. I wish they would do that with hackers, malware creators and the like.
     
  4. Totally unrelated news:

    The FBI can access more than 4000 computers at will whenever the fuck they want.

    I would bet on a backdoor on Windows OS. One of those that Billy Gates used to code for them.
     
  5. ph1l

    They used court orders for authorization and informed the owners of the computers' Internet connection.
    https://www.justice.gov/opa/pr/just...al-operation-delete-malware-used-china-backed
    And, it wasn't Bill Gates' fault (this time ;)).
    https://www.justice.gov/opa/media/1384136/dl
    So, your Windows computers are still 99 44⁄100% safe. :)
     
  6. ph1l

    This particular "backdoor" from the initial post was a flash drive.
    "PlugX variant with a wormable component that allowed it to spread through USB flash drives"
    So, someone with physical access and appropriate permissions had to install it.

    Smart companies (and possibly governments, if there are any :)) would disable flash drives on their computers.
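    One way to apply the flash-drive lock-down suggested above, as an added example that is not part of the thread: a PowerShell script that audits and optionally enforces the registry values behind the Windows Group Policy setting "All Removable Storage classes: Deny all access". The policy key path and the Deny_All value name are assumptions taken from the documented policy layout, not from this page; verify them against your own Group Policy reference before rolling out.

    ```powershell
    # Added example (not from the thread): audit and optionally enforce the
    # "All Removable Storage classes: Deny all access" policy, closing the
    # USB flash-drive spread route described in the article.
    # Assumption: the policy is stored under the key below as a DWORD named
    # Deny_All (1 = deny). Run as Administrator; a reboot or `gpupdate /force`
    # is needed before the change takes effect.
    param([switch]$Enforce)

    $PolicyKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'

    function Get-RemovableStorageState {
        # Returns 'Denied' when the policy is active, 'Allowed' otherwise
        # (the weak state is the key being absent or Deny_All set to 0).
        if (-not (Test-Path $PolicyKey)) { return 'Allowed' }
        $item = Get-ItemProperty -Path $PolicyKey -ErrorAction SilentlyContinue
        if ($null -ne $item -and $item.PSObject.Properties['Deny_All'] -and $item.Deny_All -eq 1) {
            return 'Denied'
        }
        return 'Allowed'
    }

    function Set-RemovableStorageDenied {
        # Creates the policy key if needed and sets Deny_All = 1.
        if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
        New-ItemProperty -Path $PolicyKey -Name 'Deny_All' -PropertyType DWord -Value 1 -Force | Out-Null
    }

    $before = Get-RemovableStorageState
    Write-Output "Removable storage access before: $before"
    if ($Enforce -and $before -ne 'Denied') {
        Set-RemovableStorageDenied
        Write-Output "Removable storage access after:  $(Get-RemovableStorageState)"
    } elseif ($before -ne 'Denied') {
        Write-Output 'Policy not set; re-run with -Enforce to apply it.'
    }
    ```

    Note that this policy blocks all removable storage classes, legitimate media included, so pair it with an exception process for the few workstations that genuinely need USB drives.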
     
  7. Congratulations, you have fixed one.

    Here is a magazine that goes into detail about the other 50 that you have to fix.

    https://hakin9.org/download/advance...ials-and-get-professional-it-security-skills/

    "Windows Exploitation" is a thing. It has more followers than the most viewed category on Pornhub.

    If you have time, read hakin9 before going to bed. You will see how "secure" Windows OS is.