Our researchers are currently seeing localized outbreaks of a new variant of the PlugX USB worm – in locations nearly halfway around the world from each other. After first drawing attention to itself in Papua New Guinea in August 2022, the new variant appeared in January both in the Pacific Rim nation and 10,000 miles away in Ghana. Additional infections appeared in Mongolia, Zimbabwe, and Nigeria.

Figure 1: An unusual distribution of infections is the hallmark of a new PlugX variant that relies on DLL sideloading to propagate

PlugX is fairly common backdoor malware (a RAT, remote access Trojan) of Chinese origin, one that relies on DLL sideloading to do its dirty work. We at Sophos have been writing about it for years, most recently in November. The novel aspects of this variant are a new payload and callbacks to a C2 server previously thought to be only tenuously related to this worm.