FBI deletes Chinese ‘PlugX’ malware from over 4K infected computers


A Chinese-linked malware, known as PlugX, has been successfully wiped from thousands of infected computers worldwide, the US Department of Justice and the FBI said on Tuesday.

Justice officials say the stealth malware, which targets Windows-based computers, has been tied to the Chinese state-sponsored hacking groups “Mustang Panda” and “Twill Typhoon.”

According to court documents unsealed in the Eastern District of Pennsylvania, the Beijing-linked hackers used a version of PlugX malware to infect, control, and steal information from victim computers.


What makes PlugX so dangerous is its stealth: the malware is undetectable, leaving most computer and network operators unaware that they have been compromised at all.

Furthermore, Mustang Panda is said to have developed the strain at the request of the People’s Republic of China (PRC).

“This operation, like other recent technical operations against Chinese and Russian hacking groups like Volt Typhoon, Flax Typhoon, and APT28, has depended on strong partnerships to successfully counter malicious cyber activity,” said Asst. Attorney General Matthew Olsen of the DoJ’s National Security Division.

Since 2014, PlugX has been used to infiltrate thousands of systems, stealing sensitive information from US targets, European and Asian governments, businesses, and even Chinese dissident groups, the DoJ said.

The powerful hacking tool was removed from a total of 4,258 computers and networks within the US alone – part of a global effort led by French law enforcement and cybersecurity firm Sekoia.io, the FBI said.

The French firm was able to identify a way to send commands to the infected computers that would delete the PlugX version from the devices without impacting their legitimate functions or collecting data.


After testing and verifying the command, the FBI obtained nine warrants from the Eastern District of Pennsylvania last August, authorizing the deletion of PlugX from US-based systems.

“This wide-ranging hack and long-term infection of thousands of Windows-based computers, including many home computers in the United States, demonstrates the recklessness and aggressiveness of PRC state-sponsored hackers,” said U.S. Attorney Jacqueline Romero for the Eastern District of Pennsylvania.

The final warrant expired on January 3, 2025, marking the conclusion of the US portion of the month-long operation.


The FBI is now working with internet service providers to notify affected computer owners about the cleanup effort, the DoJ said.

DoJ officials urge anyone suspecting they have a compromised computer or device to visit the FBI’s Internet Crime Complaint Center (IC3).