FBI removes Chinese malware PlugX from over 4,200 computers

The Department of Justice (DOJ) and the FBI have deleted malware originating from the People’s Republic of China (PRC) from over 4,200 computers located in the US.
According to the DOJ, the malware was called PlugX and had infected thousands of computers worldwide. A group of hackers known as ‘Mustang Panda’ or ‘Twill Typhoon’ used a version of the malware to infect, control and steal information.
Unsealed court documents from the Eastern District of Pennsylvania state that Beijing paid Mustang Panda to develop a specific version of PlugX. The group has used this malware since 2014 to infiltrate thousands of computer systems in campaigns targeting American, European and Asian businesses, as well as Chinese dissident groups.
Most victims are unaware that their systems have been infected with Mustang Panda’s version of PlugX. For that reason, the court authorized an operation in which the FBI was allowed to remediate the infections directly.
To remove the malware, the FBI used a tool developed by French law enforcement authorities and Sekoia.io, a French cybersecurity firm. The FBI tested the tool’s effectiveness and concluded that it did not affect the legitimate functions of infected computers. In total, the FBI deleted PlugX malware from 4,258 computers and networks in the US.
“The FBI worked to identify thousands of infected US computers and delete the PRC malware on them. The scope of this technical operation demonstrates the FBI’s resolve to pursue PRC adversaries no matter where they victimize Americans,” Wayne Jacobs, Special Agent in Charge of the FBI Philadelphia Field Office, said in a statement about the operation.
“This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” US Attorney for the Eastern District of Pennsylvania Jacqueline Romero added.
The FBI is working with internet service providers to notify owners of infected computers about the operation.
The FBI’s Internet Crime Complaint Center (IC3) recommends that people who suspect their computer is infected with PlugX contact their local FBI field office directly. It also encourages people to use antivirus software and to install software security updates as soon as they become available.