An operation is underway to clean the PlugX malware from thousands of computers

Virus descriptions, 26.07.2024, 11:30 AM

Ahead of the Olympics, French authorities are doing everything they can to remove the PlugX malware, which is used for espionage, from infected devices in the country.

The operation is being carried out by the Digital Crime Center of the National Gendarmerie with the help of the French cyber security firm Sekoia, which previously took over the command and control servers of the network of several million computers infected with PlugX.

PlugX is a Remote Access Trojan (RAT) that has been used by Chinese hacking groups for a long time. Sekoia previously published details about the PlugX botnet, which spreads via infected USB flash drives. The malware has so far infected nearly 2.5 million devices in 180 countries.

When Sekoia took control of the command and control servers, they could no longer be used to issue commands to infected devices. But the malware remained active on systems, posing a constant risk.

Sekoia proposed a cleanup mechanism: a kind of PlugX plugin is distributed to infected devices and issues a self-delete command that removes the infection.

The researchers also proposed a method to scan connected USB flash drives. However, automatically cleaning USB drives can corrupt files and prevent access to legitimate files, making this method risky.

In France, 3,000 devices were infected with the PlugX malware, which the authorities consider unacceptable, especially in light of the Olympic Games. That is why they are determined to remove the malware from infected systems in the country. The malware is being removed in the same way from infected systems in Malta, Portugal, Croatia, Slovakia and Austria, and the same solution will be offered to other countries through Europol.

People are advised to be careful when plugging their USB sticks into systems in printing shops and elsewhere and to scan them afterwards before connecting them to systems containing sensitive data.

The disinfection operation began on July 18 and is expected to continue for several more months; it may end at the end of 2024. By the end of 2024, the French National Agency for the Security of Information Systems (ANSSI) will individually notify all victims in the country.

French Prime Minister Gabriel Attal has warned the public that cyber attacks during the Paris Olympics could be “inevitable”.

“We are a target. There will be cyber attacks. The key thing is to limit their scope,” Attal told reporters at the ANSSI headquarters. “Our country is a target more than ever. We are ready to face it,” said Attal.

Photo: Magnus S | Unsplash

Source: www.informacija.rs