Removable USB devices targeted by PlugX malware
BleepingComputer reports that Windows devices are being infected with the PlugX malware, which is hidden on removable USB drives.
Attackers have been deploying the PlugX payload through the Windows debugger "x64dbg.exe" and the malicious "x32bridge.dll," which could not be detected by most antivirus engines on VirusTotal, according to a report from Palo Alto Networks' Unit 42 team.
The PlugX malware identified by researchers was also found to create a new directory on USB drives using a Unicode character, which conceals the directory in Windows Explorer and the command shell.
"The shortcut path to the malware contains the Unicode whitespace character, which is a space that does not cause a line break but is not visible when viewed via Windows Explorer," said researchers.
After a successful infection, PlugX monitors for new USB devices to infect. Another PlugX malware version with file-stealing capabilities has also targeted USB drives, the report showed.
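For triage of a removable drive, the concealment described above can be checked by listing every file and directory whose name contains a Unicode whitespace character. The following is an added example, not code from the article or from Unit 42; the function names are hypothetical, and because the article does not name the exact code point, it flags every Unicode space separator (category Zs) other than the ordinary ASCII space.

```python
import os
import sys
import unicodedata


def suspicious_chars(name):
    """List (index, code point, Unicode name) for each space separator other than U+0020."""
    return [
        (i, f"U+{ord(ch):04X}", unicodedata.name(ch, "UNKNOWN"))
        for i, ch in enumerate(name)
        if ch != " " and unicodedata.category(ch) == "Zs"
    ]


def scan_volume(root):
    """Walk a mounted volume and report entries whose names contain Unicode whitespace."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            hits = suspicious_chars(name)
            if not hits:
                continue
            findings.append({
                "path": os.path.join(dirpath, name),
                # ascii() escapes the invisible character so it shows up in reports
                "escaped": ascii(name),
                "is_dir": name in dirnames,
                # a name made only of whitespace renders as blank in a file browser
                "blank_name": name.strip() == "",
                "is_shortcut": name.lower().endswith(".lnk"),
                "chars": hits,
            })
    return findings


if __name__ == "__main__":
    # Assumption: the drive is already mounted; pass its root, e.g. E:\ or /mnt/usb
    root = sys.argv[1] if len(sys.argv) > 1 else "."
    for f in scan_volume(root):
        kind = "dir " if f["is_dir"] else "file"
        codes = ",".join(code for _, code, _ in f["chars"])
        flags = " BLANK-NAME" if f["blank_name"] else ""
        flags += " SHORTCUT" if f["is_shortcut"] else ""
        print(f"{kind} {f['escaped']} [{codes}]{flags} -> {ascii(f['path'])}")
```

A directory flagged with a blank name at the root of a removable drive, or a shortcut whose name carries one of these characters, is worth examining on an isolated analysis host.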