
Ancient malware still thrives on millions of unsuspecting devices



TLDR:

  • Millions of devices are still connected to the PlugX malware, despite its creators abandoning it months ago.
  • Experts have warned about the ongoing threat posed by devices infected with this dangerous malware.

Summary:

Despite the creators of the PlugX malware abandoning it years ago, millions of devices around the world are still connected to it, according to cybersecurity experts. The malware, first observed in 2008 in cyber-espionage campaigns by Chinese state-sponsored actors, allows for command execution, file download, keylogging, and more. Although the malware’s original targets were in Asia, it has since spread globally, with infected devices located in 170 countries. The malware’s command & control (C2) server receives hundreds of thousands of connection requests daily, with Nigeria, India, China, and the United States among the most affected countries. The lack of unique identifiers in the C2 server and the use of VPN services make it challenging to accurately determine the number of infected devices. Containment remains difficult, despite the increased risks associated with PlugX, because the malware can spread through USB drives. The leak of the malware’s source code in 2015 has led to various groups, both state-sponsored and financially motivated, using it, prompting the original creators to abandon it. The ongoing threat posed by PlugX serves as a reminder of the importance of cybersecurity measures and constant vigilance against evolving malware threats.

