Joint France, Europol operation seeks to purge PlugX malware infections

The Hacker News reports that a hundred organizations across France, Portugal, Slovakia, Austria, Croatia, and Malta whose devices were compromised with the PlugX malware, also known as Korplug, have already been cleaned of the remote access trojan as part of an ongoing joint disinfection operation by French authorities and Europol. The operation began over a week ago and will continue over the next "several months."

France and Europol's joint operation to dismantle the PlugX worm botnet, which has impacted millions of devices worldwide, involved the use of a disinfection solution from Sekoia.io, which had disclosed sinkholing the RAT's command-and-control server last September. Such a tool was necessary because, as Sekoia noted, PlugX cannot be removed from USB devices, even though several of its variants could leverage a self-deletion command on impacted workstations. "Firstly, the worm has the capability to exist on air-gapped networks, which makes these infections beyond our reach. Secondly, and perhaps more noteworthy, the PlugX worm can reside on infected USB devices for an extended period without being connected to a workstation," said Sekoia.
