
"FBI Uses Malware's Own Self-Delete Trick to Erase Chinese PlugX From US Computers"
The FBI, working in tandem with law enforcement authorities in France, recently turned the PlugX malware's own self-delete mechanism against it, erasing the China-linked remote access trojan from more than 4,200 infected computers in the United States. Using court-approved access to a command-and-control (C2) server, investigators issued the self-delete command built into the malware, which removed it without disrupting legitimate files or functions. The operation targeted a version of the malware deployed by Mustang Panda, a hacking group linked to the Chinese government.

The FBI said that PlugX, in circulation since at least 2008, has been publicly documented as a remote access trojan (RAT) used as a backdoor to take complete control of infected computers. Once a device is infected, PlugX allows the operators to harvest data, capture screenshots and keystrokes, reboot the system, and manage processes, services and Windows registry entries. According to the FBI, the Chinese government paid the Mustang Panda group behind the malware to manage cyber operations and to develop this specific version of PlugX.