Threat Management, Vulnerability Management

Removable USB devices targeted by PlugX malware

BleepingComputer reports that Windows devices are being infected with the PlugX malware, which is hidden on removable USB drives. Attackers have been enabling PlugX payload deployment through the use of the Windows debugger "x64dbg.exe" and the malicious "x32bridge.dll," which could not be detected by most antivirus engines on Virus Total, a report from Palo Alto Networks' Unit 42 team revealed. The PlugX malware identified by researchers was also found to use a Unicode character for new directory creation in USB drives, enabling concealment in Windows Explorer and the command shell. "The shortcut path to the malware contains the Unicode whitespace character, which is a space that does not cause a line break but is not visible when viewed via Windows Explorer," said researchers. Successful PlugX infection would prompt further tracking of new USB devices to be infected. USB drives have also been targeted by another PlugX malware version with file-stealing capabilities, the report showed.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.