
A Chinese-linked malware, known as PlugX, has been successfully wiped from thousands of infected computers worldwide, the US Department of Justice and the FBI said on Tuesday.
Justice officials say the stealth malware, which targets Windows-based computers, has been tied to the Chinese state-sponsored hacking groups “Mustang Panda” and “Twill Typhoon.”
According to court documents unsealed in the Eastern District of Pennsylvania, the Beijing-linked hackers used a version of PlugX malware to infect, control, and steal information from victim computers.
What makes PlugX so dangerous is that it is built for stealth: it is designed to evade detection, leaving most computer and network operators unaware that they have been compromised.
Furthermore, Mustang Panda is said to have developed the strain at the request of the People’s Republic of China (PRC).
“This operation, like other recent technical operations against Chinese and Russian hacking groups like Volt Typhoon, Flax Typhoon, and APT28, has depended on strong partnerships to successfully counter malicious cyber activity,” said Asst. Attorney General Matthew Olsen of the DoJ’s National Security Division.
In a post on X dated January 14, 2025, the DoJ’s National Security Division (@DOJNatSec) announced: “Justice Department and FBI Conduct International Operation to Delete Malware Used by China-Backed Hackers. Court-Authorized Operation Removes PlugX Malware from Over 4,200 Infected U.S. Computers,” linking to https://t.co/4xIeydWTSB.
Since 2014, PlugX has been used to infiltrate thousands of systems, stealing sensitive information from US targets, European and Asian governments, businesses, and even Chinese dissident groups, the DoJ said.
The powerful hacking tool was removed from a total of 4,258 computers and networks within the US alone – part of a global effort led by French law enforcement and cybersecurity firm Sekoia.io, the FBI said.
The French firm identified a way to send a command to the infected computers that made this PlugX variant delete itself from the device, without affecting the machine’s legitimate functions and without collecting any data from it.
After testing and verifying the command, the FBI obtained nine warrants from the Eastern District of Pennsylvania last August, authorizing the deletion of PlugX from US-based systems.
“This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” said U.S. Attorney Jacqueline Romero for the Eastern District of Pennsylvania.
The final warrant expired on January 3, 2025, marking the conclusion of the US portion of the months-long operation.
The FBI is now working with internet service providers to notify affected computer owners about the cleanup effort, the DoJ said.
DoJ officials urge anyone suspecting they have a compromised computer or device to visit the FBI’s Internet Crime Complaint Center (IC3).