The FBI hacked about 4,200 computers across the US as part of an operation to find and delete PlugX, a malware used by state-backed hackers in China to steal information from victims, the Department of Justice announced on Tuesday.
In an unsealed affidavit, the FBI says the China-based hacking group known by the monikers “Mustang Panda” and “Twill Typhoon” used PlugX to infect thousands of Windows computers in the US, Asia, and Europe since at least 2012. The malware, which infects computers through their USB ports, operates in the background while allowing hackers to “remotely access and execute commands” on victims’ computers.
To do this, infected computers contact a command-and-control server run by the hackers, which has its IP address hard-coded into the malware. From there, hackers can remotely access users’ files and get information about infected computers, such as their IP addresses. At least 45,000 IP addresses in the US have contacted the command-and-control server since September 2023, according to the FBI.
The FBI used this very feature to remove PlugX from infected computers. In collaboration with French law enforcement, which launched a PlugX deletion operation of its own, the FBI gained access to the command-and-control server and requested the IP addresses of infected computers. It then sent a native command to make PlugX delete the files it created on victims’ computers, stop the PlugX application from running, and delete the malware after it’s stopped.
Last year, the FBI similarly dismantled a network of infected Qakbot computers by instructing devices to download software to uninstall the malware. The agency also remotely hacked hundreds of computers to protect them from the Hafnium hack in 2021.