TLDR:
Millions of devices could still be compromised by the abandoned PlugX USB worm with self-replicating functionality, with infections logged from almost 2.5 million IP addresses over a six-month period. The leading infected countries were Nigeria, India, China, Iran, and Indonesia.
Researchers have found that infections with the abandoned PlugX USB worm continue to be prevalent, with almost 2.5 million IP addresses affected over a six-month period. The PlugX malware has self-replicating functionality, potentially compromising millions of devices.
A report from Sekoia revealed that more than 80% of all devices compromised with the PlugX malware were from around 15 countries, with Nigeria, India, China, Iran, and Indonesia leading the pack. Researchers noted that these countries do not share many similarities, suggesting that the worm may have originated from multiple patient zeros in different countries.
The findings also highlighted the potential threat of threat actors taking over the PlugX malware, prompting impacted countries to enable self-deletion of the malware. However, this action would come at the cost of losing stored data.
This situation underscores the ongoing risk posed by abandoned malware and the importance of cybersecurity measures to protect against such threats. Organizations and individuals are urged to remain vigilant and take proactive steps to safeguard their devices and data.