Home » News » FBI gets court ordered malware fix for Windows PCs

FBI gets court ordered malware fix for Windows PCs

FBI gets court ordered malware fix for Windows PCs
May Be Interested In:Louise Thompson says ‘I failed myself’ as she speaks on terrifying health scare


Digital Trends

A malware originating from China has now been contained after the FBI gained a court order to have the harmful code deleted from thousands of Windows PCs.

The agency has successfully put an end to the reign of the PlugX malware in the U.S., which has affected over 2.5 million devices globally by infiltrating infected USB drives, PCMag noted.

Working with the FBI, the Justice Department has confirmed that it has been granted court sanction to remove the malware from nearly 4,260 computers and networks in the U.S. as of Tuesday. With the resolution announced, the FBI is set to notify owners of infected machines via their internet service providers.

This is just one instance of federal departments getting control of a serious cybersecurity risk. However, its resolution notes the importance of ongoing cybersecurity research. The Justice Department detailed that the actors behind the attack are a private group of Chinese state-sponsored hackers called “Mustang Panda” that developed a unique version of PlugX malware for the ongoing mission.

PlugX first surfaced in 2008 when it was used as a backdoor vulnerability for bad actors to secretly control Windows machines. By 2020, the malware had been updated to allow it to infiltrate USB drives as well as connected PCs. This is described as a “wormable” malware that can transfer between computers via infected peripherals.

French cybersecurity vendor Sekoia observed that Mustang Panda eventually lacked the resources to support the number of machines it had infected with the PlugX malware and ultimately abandoned the project.

Similarly, antivirus provider Sophos observed several PlugX infections originating from a single IP address source. In September 2023,  collaborating with Sekoia, the cybersecurity vendor paid just $7 to gain access to the IP address and the infected machines. Further research uncovered a self-delete command within the PlugX code.

In July 2024, law enforcement in France allowed the self-deleting mechanism to be used to remedy the infected machines. Since then, 22 other countries have also followed suit.

While it is not clear how the U.S. entities plan to remove the malware from domestic PCs, the FBI testified in an affidavit that it has tested this self-delete command, confirming that it only removes the malware and does not affect any other device functions or transfer any other unwarranted code.






share Share facebook pinterest whatsapp x print

Similar Content

Attack leaves at least 40 people dead in Nigeria, the country's president says
Attack leaves at least 40 people dead in Nigeria, the country’s president says April 15, 2025
2024 is on its way to being the hottest year ever
2024 is on its way to being the hottest year ever December 27, 2024
Synthetic hair marketed to Black women contains carcinogens and lead, report finds
Synthetic hair marketed to Black women contains carcinogens and lead, report finds March 3, 2025
A ludicrous night in Lisbon and Liverpool stay perfect – Football Weekly
A ludicrous night in Lisbon and Liverpool stay perfect – Football Weekly January 22, 2025
Iranian singer Parastoo Ahmadi, who was arrested
Brazilian School Massacre Foiled as Shooter’s Gun Jams December 20, 2024
One of the most anticipated shows will be on Sunday by in-vogue French designer Simon Porte Jacquemus, whose Jacquemus brand is making its return to the official calendar after a five-year absence. Image: Julien De Rosa / AFP©
Paris Men’s Fashion Week: Louis Vuitton, Willy Chavarria, Simon Porte Jacquemus Gear Up For Showing – Forbes India January 21, 2025
The Pulse of the World: Stay in the Loop | © 2025 | Daily News