Security News > 2023 > January > Researchers Discover New PlugX Malware Variant Spreading via Removable USB Devices

Cybersecurity researchers have uncovered a PlugX sample that employs sneaky methods to infect attached removable USB media devices in order to propagate the malware to additional systems.

"This PlugX variant is wormable and infects USB devices in such a way that it conceals itself from the Windows operating file system," Palo Alto Networks Unit 42 researchers Mike Harbison and Jen Miller-Osborn said.

The USB variant of PlugX is notable for the fact that it uses a particular Unicode character called non-breaking space to hide files in a USB device plugged into a workstation.

"Once a USB device is discovered and infected, any new files written to the USB device root folder post-infection are moved to the hidden folder within the USB device," the researchers said.

Unit 42 said it also discovered a second variant of PlugX that, in addition to infecting USB devices, further copies all Adobe PDF and Microsoft Word files from the host to another hidden folder on the USB device created by the malware.

With the latest development, PlugX joins the ranks of other malware families such as ANDROMEDA and Raspberry Robin that have added the capability to spread via infected USB drives.

News URL

https://thehackernews.com/2023/01/researchers-discover-new-plugx-malware.html