PlugX Malware: A French-European Joint Operation Targets Infected Systems Globally

Recently, French judicial authorities, working with Europol, launched what they describe as a “disinfection operation.” The clean-up campaign aims to remove PlugX, a long-running malware family, from the many hosts it has compromised.

The operation started on July 18 and is expected to run for several months, according to an announcement from the Paris Prosecutor’s Office. Victims in France, Malta, Portugal, Croatia, Slovakia, and Austria have already benefited from the clean-up.

Sekoia, a French cybersecurity firm, disclosed the underlying finding almost three months ago: in September 2023, for a cost of only $7, it acquired an IP address tied to a command-and-control server of the PlugX trojan. The firm also reported that roughly 100,000 distinct public IP addresses were sending PlugX requests to the seized domain every day.

About PlugX Malware

Also known as Korplug, PlugX is a Remote Access Trojan (RAT) that China-based threat actors have used routinely since at least 2008. The malware typically relies on DLL side-loading to execute on a compromised host, after which its operators can run arbitrary commands, upload and download files, list files, and collect sensitive data.

“Originally developed by Zhao Jibin (aka. WHG), the malware has evolved over time, with the PlugX builder being shared between several intrusion sets, most of them attributed to front companies linked to the Chinese Ministry of State Security,” Sekoia stated in its report, published in April.

Over time, PlugX gained a wormlike component that lets it spread via infected USB drives, allowing it to reach air-gapped networks. Infections on such networks are beyond the reach of any remote remediation. Moreover, the PlugX worm can persist on an infected USB device for a considerable period, even while it is not attached to a workstation.

Fighting Against PlugX: The Challenges and Future Scope

Sekoia has developed a method to disinfect PlugX-infected hosts. However, because remotely removing malware from third-party systems raises legal questions, the company has left the decision on whether to deploy it to national Computer Emergency Response Teams (CERTs), law enforcement agencies (LEAs), and other cybersecurity authorities.

“Upon a report from Sekoia.io, a disinfection operation was instigated by the French judicial authorities to dismantle the botnet governed by the PlugX worm. The malware has affected numerous victims worldwide. A disinfection solution developed by the Sekoia.io TDR team was suggested via Europol to partner countries and is being implemented presently,” Sekoia disclosed.

In conclusion, cybersecurity authorities in France and their international partners have joined forces to dismantle the PlugX botnet and remediate the hosts it infected.