The French police and Europol are pushing out a "disinfection solution" that automatically removes the PlugX malware from infected devices in France.
The operation is conducted by the Center for the Fight Against Digital Crime (C3N) of the National Gendarmerie with assistance from French cybersecurity firm Sekoia, which sinkholed a command and control server for a widely distributed PlugX variant last April.
PlugX is a remote access trojan that multiple Chinese threat actors have used for many years. Operators modify and release new variants to fit the operational needs of each malicious campaign.
Sekoia previously reported on a botnet built on a PlugX variant that spreads through USB flash drives. Its original operator abandoned the botnet, but the worm-like variant kept spreading on its own, infecting almost 2.5 million devices.
Sekoia took control of the abandoned command and control server, which received up to 100,000 pings from infected hosts daily and saw 2,500,000 unique connections from 170 countries over six months.