Millions of devices could still be compromised by the abandoned, self-replicating PlugX USB worm, with infections logged from almost 2.5 million IP addresses over a six-month period beginning September 2023, according to Ars Technica.
More than 80% of all devices compromised with the PlugX malware during the same period were from around 15 countries, led by Nigeria, India, China, Iran, and Indonesia, a report from Sekoia revealed.
"It's also intriguing to note that the leading infected countries don’t share many similarities, a pattern observed with previous USB worms such as RETADUP which has the highest infection rates in Spanish spelling countries. This suggests the possibility that this worm might have originated from multiple patient zeros in different countries," said researchers.
A potential takeover of the PlugX malware by threat actors with access to the IP address could prompt impacted countries to enable self-deletion of the malware, though at the cost of losing stored data, researchers added.