Threat Intelligence

Sophisticated PlugX backdoor variant leveraged in Mustang Panda attacks

Mustang Panda, a Chinese state-backed advanced persistent threat group also tracked as Earth Preta, Camaro Dragon, Bronze President, TA416, and Stately Taurus, has targeted numerous countries across Asia, including Taiwan, Vietnam, India, Japan, and China, in attacks involving DOPLUGS, an advanced variant of the PlugX backdoor, reports The Hacker News. Unlike the basic PlugX backdoor, DOPLUGS is paired with a separate launcher that lets an executable perform DLL sideloading, and it supports command execution and deployment of next-stage malware, according to a report from Trend Micro. Some DOPLUGS samples were also found to include the KillSomeOne module, which enables malware delivery and data exfiltration over USB. These findings come months after Lab52 researchers reported that Taiwanese government and political organizations had been targeted with DOPLUGS, which was noted for its unique RC4 implementation used for PlugX decryption. Avira had earlier observed attacks against Hong Kong and Vietnam involving a PlugX backdoor variant with the KillSomeOne module.
