FBI Deletes PlugX Malware from Thousands of Computers

Read Time:51 Second

According to a DOJ press release, the FBI was able to delete the Chinese-used PlugX malware from “approximately 4,258 U.S.-based computers and networks.”

Details:

To retrieve information from and send commands to the hacked machines, the malware connects to a command-and-control server that is operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had back-and-forths with the command-and-control server since September 2023.

It was that very server that allowed the FBI to finally kill this pesky bit of malicious software. First, they tapped the know-how of French intelligence agencies, which had recently discovered a technique for getting PlugX to self-destruct. Then, the FBI gained access to the hackers’ command-and-control server and used it to request all the IP addresses of machines that were actively infected by PlugX. Then it sent a command via the server that causes PlugX to delete itself from its victims’ computers.

Middle Eastern Real Estate Fraud Grows with Online Listings

Trump’s Truth Social Users Targeted by Rampant Scams Online

Biden Tightens Software Supply Chain Security Requirements Ahead of Trump Takeover

DORA Compliance Costs Soar Past €1m for Many UK and EU Businesses

New Hacking Group Leaks Configuration of 15,000 Fortinet Firewalls

GoDaddy Accused of Serious Security Failings by FTC