Millions of devices worldwide infected with Chinese spyware

PlugX, created by Chinese hacking groups Mustang Panda and Twill Typhoon, with support from the Chinese government, infected devices via USB ports.

The US Department of Justice, together with the FBI and French partners, remotely removed the PlugX malware from more than 4,200 computers in the US and thousands more in France. The virus, which was used for espionage and information gathering, was detected on devices in more than 170 countries.

Created by Chinese hacking groups Mustang Panda and Twill Typhoon, with support from the Chinese government, PlugX infected devices via USB ports. The virus then accessed victims' files and transferred them to the attackers.

According to US intelligence agencies, this operation is one of the largest responses to hacking attacks linked to China. However, the scale of the infection is much larger: according to preliminary data, millions of devices worldwide remain at risk.

The French cybersecurity company Sekoia.io, which participated in the investigation, confirmed the presence of PlugX on 3,000 computers in France. The operation to remove the virus has been ongoing since August 2024 and was carried out in coordination with law enforcement agencies in both countries.

American providers will notify owners of affected devices that the virus has been neutralized, but the US and French governments are calling for increased cybersecurity measures to avoid similar attacks in the future.