Millions of devices still connect to this dangerous malware, despite the creators ditching it years ago
Millions of devices are still connected to the PlugX malware, despite its creators abandoning it months ago, experts have warned.
Cybersecurity analysts Sekoia managed to obtain the IP address associated with the malware’s command & control (C2) server, and observed connection requests over a six-month period.
During the course of the analysis, infected endpoints attempted 90,000 connection requests every day, amounting to 2.5 million connections in total. The devices were located in 170 countries, it was said. However, just 15 of them made up more than 80% of total infections, with Nigeria, India, China, Iran, Indonesia, the UK, Iraq, and the United States making up the top eight.
Still at risk
While at first it might sound like there are many infected endpoints around the world, the researchers did stress that the numbers might not be entirely precise. The malware’s C2 does not have unique identifiers, which messes with the results, as many compromised workstations can exit through the same IP address.
Furthermore, if any of the devices use a dynamic IP system, a single device can be perceived as multiple ones. Finally, many connections could be coming in through VPN services, making country-related statistics moot.
PlugX was first observed in 2008 in cyber-espionage campaigns mounted by Chinese state-sponsored threat actors, the researchers said. The targets were mostly organizations in government, defense, and technology sectors, located in Asia. The malware was capable of command execution, file download and upload, keylogging, and accessing system information. Over the years, it grew additional features, such as the ability to autonomously spread via USB drives, which makes containment today almost impossible. The list of targets also expanded towards the West.
However, after the source code leaked in 2015, PlugX became more of a “common” malware, with many different groups, both state-sponsored and financially-motivated, using it, which is probably why the original developers abandoned it.
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Via BleepingComputer
More from TechRadar Pro
Millions of devices are still connected to the PlugX malware, despite its creators abandoning it months ago, experts have warned. Cybersecurity analysts Sekoia managed to obtain the IP address associated with the malware’s command & control (C2) server, and observed connection requests over a six-month period. During the course of…
Recent Posts
- The five-year journey to make an adventure game out of ink and paper
- Valoi Easy35 Film-Scanning Kit Review: Fast, Affordable, and Easy to Use
- The AI assistants are getting better fast
- This smart home brewer turned me into a beer-making master in just 9 days
- The Google Pixel 9 color options and wallpapers may have just leaked
Archives
- May 2024
- April 2024
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011