FBI Removes Chinese Malware from Over 4,200 U.S. Computers
Court-approved operation neutralizes PlugX malware used by China-linked hackers to steal sensitive data from victims' systems.
- The FBI remotely deleted PlugX malware from 4,258 computers in the U.S. under a court-authorized operation spanning August 2024 to January 2025.
- PlugX, a malware variant linked to the Chinese government-backed hacking group Mustang Panda, has been active since 2014, targeting victims worldwide.
- The malware spread via infected USB drives and allowed hackers to control systems, steal data, and execute commands on compromised devices.
- French law enforcement and the cybersecurity firm Sekoia played a key role by identifying a self-delete command built into PlugX, which the FBI used to neutralize the malware without affecting other functions of the infected devices.
- The operation is part of broader efforts to counter state-sponsored cyber threats, with victims notified through their internet service providers about the malware removal.