The FBI, armed with a court order, has successfully neutralized China-linked malware that infected millions of Windows PCs worldwide. This operation marks a significant victory in the fight against cyber threats.
The malware, known as PlugX, had compromised over 2.5 million devices globally, spreading primarily through infected USB drives. The FBI, in collaboration with the Justice Department, obtained legal authorization to remove the malicious code from approximately 4,260 affected computers and networks within the United States. Internet service providers will notify the owners of the compromised machines.
This successful operation underscores the importance of continuous cybersecurity research and international cooperation. The Justice Department identified the perpetrators as “Mustang Panda,” a group of Chinese state-sponsored hackers who developed a customized version of the PlugX malware.
PlugX first emerged in 2008 as a backdoor, enabling unauthorized remote access to and control of Windows machines. By 2020, it had evolved into a “wormable” malware, capable of spreading between computers via infected peripherals like USB drives.
French cybersecurity firm Sekoia observed that Mustang Panda eventually struggled to manage the vast number of infected machines and subsequently abandoned the project. Similarly, antivirus provider Sophos detected numerous PlugX infections originating from a single IP address. In September 2023, Sophos, working with Sekoia, gained access to the IP address and infected machines for a mere $7. Their investigation revealed a self-delete command embedded within the PlugX code.
In July 2024, French law enforcement utilized this self-delete mechanism to remediate infected machines. Since then, 22 other countries have adopted the same approach.
While the precise method used by U.S. authorities to remove the malware remains undisclosed, the FBI confirmed in an affidavit that the self-delete command effectively eliminates the malware without impacting other device functions or installing additional unwanted code. This successful neutralization of the PlugX malware demonstrates the effectiveness of collaborative efforts between law enforcement and cybersecurity experts in combating sophisticated cyber threats.