FBI says malware removes itself from US computers


The FBI recently closed a back door on thousands of computers by telling malware to delete itself. According to a press release from the US Department of Justice, law enforcement was able to get PlugX, a piece of malware used by Chinese state-backed hackers to steal data from victims, to remove itself from infected devices.

PlugX is a remote access trojan that has been around since at least 2008. According to Malpedia's entry on it, it is a favoured tool of a well-known Chinese hacking group tracked as "Mustang Panda" or "Twill Typhoon," which uses it to infect computers across the United States, Asia, and Europe. It spreads to victims who plug infected USB drives into their machines, and it gives the attacker full remote access to the system, including the ability to record keystrokes, capture screen activity, and execute commands.

To exfiltrate data from the hacked machine and send it commands, the malware connects to command and control servers operated by the hacking group. According to the FBI, at least 45,000 IP addresses in the United States were exchanging data with those command and control servers as of September 2023.

It was those servers that finally let the FBI kill this pesky malware. Drawing on the expertise of the French authorities, who had just discovered a technique for making PlugX self-destruct, the FBI gained access to the hackers' command and control servers. It used that access to request the IP addresses of the infected machines, then sent, through the server, the command that causes PlugX to remove itself from the victim's computer.

And just like that, PlugX was removed from 4,258 machines across the country, the FBI said. Similar operations conducted by partner law enforcement agencies have wiped the malware from thousands of other machines around the world.

PlugX is probably far from dead. Cyber security company Sekoia, which sinkholed a PlugX command and control server and reported on it in April 2024, said that over the course of six months the server received pings from about 2.5 million unique devices in 170 countries. The malware has troubled security experts because it has been aimed at a wide variety of targets: according to the FBI, in the past few years it has been used against European shipping companies, government agencies across Europe and the Indo-Pacific, and Chinese dissidents. For now, at least some of PlugX's operations have been neutered. So that's something.
