Millions of devices could still be compromised by the abandoned PlugX USB worm with self-replicating functionality, with infections logged from almost 2.5 million IP addresses over a six-month period beginning September 2023, according to Ars Technica.