French police and Europol have launched a large-scale disinfection operation against devices across Europe infected with the PlugX malware. The Centre for the Fight Against Digital Crime (C3N) of the National Gendarmerie, working with the French cybersecurity firm Sekoia, is using a disinfection mechanism built on the malware's own command channel: a custom PlugX plugin, delivered to the implant through the command-and-control infrastructure Sekoia now controls, triggers the malware's self-delete routine and removes it from the compromised host. The aim is to neutralise a threat that had spread far beyond what any single operator was still managing.
PlugX is a remote access trojan used by a number of Chinese state-aligned threat actors, and it has been a persistent problem for years as its variants have been adapted from one campaign to the next. The trigger for this operation was the discovery of a worm-capable PlugX variant that spreads through infected USB flash drives; Sekoia observed nearly 2.5 million infected devices worldwide contacting its infrastructure. Sekoia had already taken control of the botnet's abandoned command-and-control server, which cut the operators off, but sinkholing the C2 does not remove the implant: it keeps running on each infected host and keeps copying itself onto every USB drive that is plugged in, so the botnet continued to grow even with nobody at the controls.
The disinfection operation began on July 18, 2024 and targets affected devices in France and several other European countries, including Malta, Portugal, Croatia, Slovakia, and Austria. It comes amid heightened cybersecurity concerns ahead of the Paris 2024 Olympic Games. The French authorities are coordinating with Europol and the national cybersecurity agencies of the countries involved so that the clean-up is carried out consistently across jurisdictions.
Sekoia's approach is effective at removing the implant from a host, but it also raises legal and technical questions, especially where it would extend to cleaning the USB drives connected to that host: a drive is a separate device, possibly belonging to someone else, and modifying it from a remotely issued command is a different matter from deleting malware on the machine that was already talking to the C2. Sekoia has therefore left the decision on broader disinfection measures to the national Computer Emergency Response Teams (CERTs) and cybersecurity authorities of each country. In France, the National Agency for the Security of Information Systems (ANSSI) will notify affected individuals about the clean-up. Users are advised to remain vigilant with USB devices: because this variant spreads through removable media, a host that has been cleaned can be reinfected the moment a drive that still carries the worm is plugged back in, so any drive that was used with an infected machine should be treated as suspect and checked before it is reused.