The FBI just closed the backdoor into thousands of computers by telling the malware to delete itself. According to a press release from the Department of Justice, the agency was able to force PlugX, a piece of malware used by Chinese state-sponsored hacking groups to steal data from victims, to delete itself from its victims’ machines.
PlugX is a remote access trojan that has been around since at least 2008, according to Malpedia, and was the favored tool of the notorious Chinese hacking group often referred to as “Mustang Panda” or “Twill Typhoon”, which used it to infect computers across the US, Asia and Europe. The malware, which typically infects victims who plug an infected USB drive into their machines, gives attackers full remote access to the system, including the ability to log keystrokes, capture screen activity and execute commands.
In order to retrieve information from and send commands to hacked machines, the malware connects to a command and control server run by the hacking group. According to the FBI, at least 45,000 IP addresses in the US had called back to the command and control server as of September 2023.
It was this server that allowed the FBI to finally kill this pesky malware. First, the bureau drew on the knowledge and experience of the French intelligence agencies, which had recently discovered a technique to make PlugX self-destruct. The FBI then gained access to the hackers’ command and control server and used it to identify the IP addresses of machines that were actively infected with PlugX. It then sent a command through the server that causes PlugX to delete itself from the victims’ computers.
And just like that, PlugX was removed from more than 4,258 machines nationwide, the FBI says. Similar operations by partner law enforcement agencies have also cleaned the malware from thousands of other machines around the world.
Still, PlugX is probably far from dead. The cybersecurity company Sekoia discovered a PlugX command and control server back in April 2024 and said it received pings from 2,500,000 unique devices in 170 countries over six months. The malware has been a pain point for security experts and has been used to target a wide range of victims. According to the FBI, in recent years it has been used to infect European shipping companies, government agencies across Europe and the Indo-Pacific, and Chinese dissident groups. At least some of PlugX’s operations are neutered for now, so that’s something.