BleepingComputer reports that Windows devices are being infected with the PlugX malware, which is hidden on removable USB drives.
Attackers have been deploying the PlugX payload through the Windows debugger "x64dbg.exe" and the malicious "x32bridge.dll," which went undetected by most antivirus engines on VirusTotal, according to a report from Palo Alto Networks' Unit 42 team.
The PlugX malware identified by researchers was also found to use a Unicode character when creating a new directory on USB drives, which enables concealment in Windows Explorer and the command shell.
"The shortcut path to the malware contains the Unicode whitespace character, which is a space that does not cause a line break but is not visible when viewed via Windows Explorer," said researchers.
After a successful infection, PlugX keeps tracking new USB devices in order to infect them. USB drives have also been targeted by another PlugX malware version with file-stealing capabilities, the report showed.
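A defender can surface the hidden directory described above by listing names by code point instead of by how they render. The following Python sketch is an added example, not code from the Unit 42 report; the report summary does not name the exact code point, so the script assumes any Unicode space-separator or format character other than the plain ASCII space is worth flagging.

```python
import os
import sys
import unicodedata

# Assumption: Zs = space separators (U+00A0 no-break space, U+2000..U+200A,
# U+3000) and Cf = format characters (e.g. U+200B zero-width space) are the
# categories that render as blank or nothing in a file listing.
INVISIBLE_CATEGORIES = {"Zs", "Cf"}


def is_invisible(ch):
    return unicodedata.category(ch) in INVISIBLE_CATEGORIES


def invisible_chars(name):
    """Code points in `name` that render blank, ignoring the ASCII space."""
    return ["U+%04X" % ord(ch) for ch in name if ch != " " and is_invisible(ch)]


def scan_drive(root):
    """Walk `root` and report entries whose names contain invisible characters."""
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        entries = [(d, True) for d in dirnames] + [(f, False) for f in filenames]
        for name, is_dir in entries:
            found = invisible_chars(name)
            if found:
                findings.append({
                    "path": os.path.join(dirpath, name),
                    "codepoints": found,
                    # True when nothing in the name would be visible at all
                    "fully_invisible": all(is_invisible(ch) for ch in name),
                    "is_dir": is_dir,
                })
    return findings


if __name__ == "__main__":
    # The drive root is supplied by the operator, e.g. the mounted USB volume.
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for hit in scan_drive(target):
        kind = "dir " if hit["is_dir"] else "file"
        note = "NAME ENTIRELY INVISIBLE" if hit["fully_invisible"] else "invisible chars"
        # repr() escapes the characters so they show up in the terminal
        print("%s %r %s %s" % (kind, hit["path"], ",".join(hit["codepoints"]), note))
```

A directory whose name is entirely invisible at the root of a removable drive is the case that matches the concealment the researchers describe; names that merely contain such characters deserve a look but can be benign.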