FBI wipes Chinese PlugX malware from over 4,000 US computers
The U.S. Department of Justice announced today that the FBI has deleted Chinese PlugX malware from over 4,200 computers in networks across the United States.
The malware, controlled by the Chinese cyber espionage group Mustang Panda (also tracked as Twill Typhoon), infected thousands of systems using a PlugX variant with a wormable component that allowed it to spread through USB flash drives.
According to court documents, the list of victims targeted using this malware includes "European shipping companies in 2024, several European Governments from 2021 to 2023, worldwide Chinese dissident groups, and governments throughout the Indo-Pacific (e.g., Taiwan, Hong Kong, Japan, South Korea, Mongolia, India, Myanmar, Indonesia, Philippines, Thailand, Vietnam, and Pakistan)."
"Once it has infected the victim computer, the malware remains on the machine (maintains persistence), in part by creating registry keys which automatically run the PlugX application when the computer is started," the affidavit reads. "Owners of computers infected by PlugX malware are typically unaware of the infection."
