Hackers can use the PlugX USB worm to steal data from various countries
Cybersecurity experts might leave it alone or make it self-destruct
Published on April 30, 2024
The PlugX USB worm is a variant of the PlugX malware that spreads through removable USB drives: plugging an infected drive into a Windows machine is enough to infect it, with no end-user interaction, and the worm then copies itself onto every new USB drive that is later connected to that machine. Its original operators abandoned it, so the botnet's command-and-control server went silent. However, according to Sophos researchers, anyone who gained control of that server could send commands to the still-infected machines and repurpose the worm for new malicious activity.
After taking over (sinkholing) the abandoned command-and-control address, Sekoia researchers observed that their sinkhole receives between 90,000 and 100,000 distinct PlugX requests from unique IP addresses every day. A single public IP address often fronts many hosts, and the set of addresses changes from day to day, so from the cumulative count they concluded that the worm has spread to millions of devices.
Who uses the PlugX USB worm?
The first version of the PlugX malware appeared in 2008. Early on, Chinese threat actors used it in a campaign against government-related users and an organization in Japan. The malware mainly stayed in Asia until 2012, then spread to other parts of the world as various groups modified PlugX and built new variants, including the USB worm. Most of the groups known to operate PlugX are believed to have ties to the Chinese Ministry of State Security.
The PlugX USB worm lets its operators steal data, run remote commands, upload and download files, and execute programs on the infected device. To install it, they use DLL side-loading: a legitimate, digitally signed executable is dropped next to a malicious DLL that carries the name of a library the executable loads from its own directory, so when the trusted program runs, Windows loads the attacker's DLL along with it. The malware thus hides behind a signed binary instead of appearing as a suspicious executable of its own.
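One way to hunt for the side-loading pattern just described, as an added example written for this article rather than code from Windows Report, Sophos or Sekoia: walk user-writable folders and any removable drives, and flag every unsigned (or invalidly signed) DLL that sits in the same directory as a validly signed EXE. The search roots, the requirement to run as an administrator, and the "signed EXE next to unsigned DLL" heuristic are assumptions of this script, not something the article specifies; legitimate software ships unsigned DLLs too, so each hit still needs a human look.

```powershell
# Added example, not code from the article or from Sophos/Sekoia.
# Assumptions: run in an elevated PowerShell on the host being checked;
# $SearchRoots lists typical drop locations plus whatever removable drives
# are currently plugged in, and can be extended to taste.
param(
    [string[]]$SearchRoots = @(
        $env:ProgramData, $env:LOCALAPPDATA, $env:TEMP, $env:PUBLIC
    ) + @(
        # Removable (USB) volumes that currently have a drive letter.
        Get-Volume -ErrorAction SilentlyContinue |
            Where-Object { $_.DriveType -eq 'Removable' -and $_.DriveLetter } |
            ForEach-Object { "$($_.DriveLetter):\" }
    )
)

$findings = foreach ($root in $SearchRoots) {
    if (-not ($root -and (Test-Path -LiteralPath $root))) { continue }

    Get-ChildItem -LiteralPath $root -Recurse -File -Filter *.exe -ErrorAction SilentlyContinue |
      ForEach-Object {
        $exe    = $_
        $exeSig = Get-AuthenticodeSignature -FilePath $exe.FullName
        # Only a trusted, validly signed host binary is attractive for side-loading,
        # so skip unsigned executables here (they are a different kind of finding).
        if ($exeSig.Status -ne 'Valid') { return }

        # Any DLL in the EXE's own directory is a side-loading candidate, because
        # that directory is searched before the system directories when the EXE
        # loads a library by name.
        Get-ChildItem -LiteralPath $exe.DirectoryName -File -Filter *.dll -ErrorAction SilentlyContinue |
          ForEach-Object {
            $dllSig = Get-AuthenticodeSignature -FilePath $_.FullName
            if ($dllSig.Status -ne 'Valid') {
                [pscustomobject]@{
                    Exe       = $exe.FullName
                    ExeSigner = $exeSig.SignerCertificate.Subject
                    Dll       = $_.FullName
                    DllStatus = $dllSig.Status          # NotSigned, HashMismatch, ...
                    DllSha256 = (Get-FileHash -Algorithm SHA256 -LiteralPath $_.FullName).Hash
                }
            }
          }
      }
}

# Print the candidates; the SHA256 column is what you would pivot on in threat
# intelligence feeds or across other hosts.
$findings | Sort-Object Exe, Dll | Format-Table -AutoSize
```

Run it as `.\Find-SideloadCandidates.ps1` (or with `-SearchRoots 'E:\','D:\Tools'` to target specific drives). The heuristic is deliberately broad: it does not know which DLL names the signed EXE actually imports, so treat the output as a worklist rather than a verdict, and compare the hashes against a known-good baseline before deleting anything.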
How can we get rid of the PlugX malware?
There are not many ways to get rid of the PlugX USB worm. The worm does have a built-in self-delete command, but it removes the malware from the infected computer only, not from the USB drives it has already copied itself to. A more thorough removal that also cleans every connected drive would have to delete files on those drives, which risks destroying legitimate data. Either way there is a risk of reinfection, since disinfection cannot reach drives that are not plugged in at the time.
Sekoia therefore proposed to law enforcement agencies and national Computer Emergency Response Teams that the worm be removed remotely through the sinkhole, country by country, with each authority deciding for the systems in its jurisdiction. Meanwhile, Sekoia keeps logging the incoming requests to track the infection. When an authority opts in, the researchers will answer requests from the systems marked for disinfection with that authority's chosen removal payload or command, which speeds up the clean-up.
Ultimately, cybersecurity authorities in each country will decide how to deal with the PlugX USB worm. None of the existing methods is free of risk, so the decision is not an easy one. Because the worm also lives on removable drives that will not take part in the disinfection, it could resurface later, and another variant of the malware could infect devices in its absence.
What are your thoughts? What should experts do? Let us know in the comments.
Sebastian Filipoiu
Sebastian is a content writer with a desire to learn everything new about AI and gaming. So, he spends his time writing prompts on various LLMs to understand them better. Additionally, Sebastian has experience fixing performance-related problems in video games and knows his way around Windows. Also, he is interested in anything related to quantum technology and becomes a research freak when he wants to learn more.