The FBI has just closed a backdoor on thousands of computers by ordering the malware to delete itself. According to a press release from the Department of Justice, the bureau succeeded in getting PlugX, a malware family used by Chinese state-sponsored hacking groups to steal information from victims, to remove itself from infected devices.
PlugX is a remote access Trojan that has been around since at least 2008. According to Malpedia, it was a favored tool of a notorious Chinese hacking group often referred to as "Mustang Panda" or "Twill Typhoon," which used it to infect computers across the United States, Asia, and Europe. The malware, which typically spreads when a victim plugs an infected USB drive into their device, gives attackers full remote access to the system, including the ability to record keystrokes, capture screen activity, and execute commands.
To retrieve information from compromised devices and send them commands, the malware connects to a command-and-control server run by the hacking group. According to the FBI, at least 45,000 IP addresses in the United States have communicated with that command-and-control server since September 2023.
It was this server that allowed the FBI to kill the malware. First, the bureau built on the work of French law enforcement, which had recently identified a technique for getting PlugX to self-destruct. The FBI then gained access to the hackers' command-and-control server and used it to enumerate the IP addresses of devices still actively infected by PlugX. Finally, it sent a command through the server that caused PlugX to delete itself from the victims' computers.
In this way, PlugX was removed from approximately 4,258 devices across the country, the FBI says. Similar operations carried out by partner law enforcement agencies have removed the malware from thousands of other devices around the world as well.
PlugX is probably far from dead. Cybersecurity company Sekoia took over a PlugX command-and-control server back in April 2024 and said that over the course of six months it received connections from roughly 2,500,000 unique IP addresses in 170 countries. The malware has long been a thorn in the side of security experts and has been used against a wide range of victims. According to the FBI, in recent years it has been used to infect European shipping companies, government agencies across Europe and the Indo-Pacific region, and Chinese dissident groups. For now, at least some of PlugX's operations have been neutralized, so that's something.