The Federal Bureau of Investigation (FBI) announced today that it has removed Chinese state-sponsored malware from 4,258 computers and networks across the United States in a court-authorized operation that deleted the malware remotely rather than through on-site cleanup.
The malware is a version of PlugX built by the Mustang Panda hacking group (also tracked as Twill Typhoon) with funding from the Chinese government. Since at least 2014 it has been used to infiltrate and steal information from US victims, European and Asian governments, businesses, and Chinese dissident groups.
Working with French law enforcement, the FBI gained access to a command-and-control (C2) server that infected devices were still contacting. The agency found that this PlugX version includes a built-in "self-delete" command which, when issued from the C2 server, removes the malware's components from the infected host.
Between August and December 2024, the FBI obtained nine warrants from the US District Court for the Eastern District of Pennsylvania authorizing the deletion operation. As infected computers checked in to the commandeered server, the FBI identified US-based hosts by their IP addresses and sent them the self-delete command.
The command removes the PlugX application itself, the files it created, and the registry keys it used to run automatically at system startup. The FBI stated that it tested the command and that it did not affect legitimate files or the normal functioning of the computers.
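The self-delete command could only reach machines that checked in to the server during the warrant period, so a host that was offline or already cut off from the C2 would not have been cleaned. The following script is an added example, not FBI or Sekoia.io tooling: it enumerates the standard Windows autostart (Run/RunOnce) registry values on the local host and resolves each to the executable it launches, so an analyst can confirm that no startup entry of the kind described above is left behind. The key paths are the standard Windows locations; the article names no PlugX-specific value names or file paths, so none are assumed here and every entry is listed rather than matched against a signature.

```powershell
# Added example, not FBI or Sekoia.io tooling. Lists the standard Windows
# autostart (Run/RunOnce) registry values on the local host and resolves each
# one to its executable, so an analyst can confirm nothing is left behind after
# a cleanup. The key paths are standard Windows locations; no PlugX-specific
# value names or file paths are assumed.
$AutostartKeys = @(
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKLM:\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run'
)

# Provider metadata that Get-ItemProperty attaches to every registry item.
$ProviderProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

# Pull the executable path out of a Run value: either the quoted first token
# or the first whitespace-separated token, with %ENV% variables expanded.
function Resolve-AutostartExecutable {
    param([string]$Command)
    if ($Command -match '^\s*"([^"]+)"') { $exe = $Matches[1] }
    else { $exe = ($Command.Trim() -split '\s+')[0] }
    return [Environment]::ExpandEnvironmentVariables($exe)
}

function Get-AutostartEntries {
    foreach ($key in $AutostartKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -in $ProviderProps) { continue }
            $cmd = [string]$p.Value
            $exe = Resolve-AutostartExecutable -Command $cmd
            $exists = (-not [string]::IsNullOrWhiteSpace($exe)) -and (Test-Path -LiteralPath $exe)
            $sig = if ($exists) { (Get-AuthenticodeSignature -LiteralPath $exe).Status } else { 'FileMissing' }
            [pscustomobject]@{
                Key        = $key
                ValueName  = $p.Name
                Command    = $cmd
                Executable = $exe
                OnDisk     = $exists
                Signature  = $sig
            }
        }
    }
}

# Show everything; entries whose target is missing or unsigned are the first
# to review. A dangling entry pointing at a deleted file is what a partial
# cleanup (files removed, registry value left behind) looks like.
Get-AutostartEntries |
    Sort-Object OnDisk, Signature |
    Format-Table Key, ValueName, Executable, OnDisk, Signature -AutoSize
```

Run it in an elevated PowerShell session on a host you suspect was missed. Treat the Signature column as a triage aid, not a verdict: a Run value that launches a legitimately signed program can still load a malicious DLL from the same directory, a loading technique long associated with PlugX, so the Command and Executable columns should be compared against the indicators published for this campaign rather than cleared on the strength of a valid signature alone.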
As part of the cleanup effort, the FBI is notifying the Internet Service Providers (ISPs) responsible for the affected IP addresses and asking them to tell their customers that the malware was removed. The operation mirrors a similar court-authorized initiative last year that removed malware from hundreds of compromised routers.
The self-delete capability was identified by the French security company Sekoia.io, which had been monitoring the PlugX infrastructure, an illustration of why international cooperation between private researchers and law enforcement matters in operations of this kind.