US removes malware suspected of being planted on computers by Chinese-backed hackers

Written by Sarah N. Lynch
WASHINGTON (Reuters) – The U.S. Justice Department said on Tuesday it had removed malware installed on more than 4,200 computers by a hacking group backed by the People’s Republic of China.
The malware, known as “PlugX,” affected thousands of computers worldwide and was used to infect computers and steal information from them, the department said.
Investigators said the malware was installed via infected USB devices by a group of hackers known as “Mustang Panda” and “Twill Typhoon.”
In court records filed in the US District Court for the Eastern District of Pennsylvania, prosecutors said the Chinese government paid the Mustang Panda team to develop PlugX. Cybersecurity firm Sekoia identified the command and control infrastructure used by hackers to control this variant of PlugX in September 2023 and then worked with French law enforcement to seize the infrastructure in July 2024, French authorities said at the time.
The FBI worked closely with French authorities to identify US-based devices targeted by the malware and to send commands disabling it on each device, according to an FBI affidavit.
The malware has been used since at least 2014 to target computers in the United States, Europe and Asia, as well as the computers of Chinese political opponents.